# Flog Txt Version 1
# Analyzer Version: 4.6.0
# Analyzer Build Date: Jul 8 2022 06:26:21
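# Log Creation Date: 05.08.2022 11:00:00.157
# Note: the creation date above reads as DD.MM.YYYY (5 August 2022); a May date would precede the analyzer build date.
# Note: Region entries below overlap in address range (e.g. ids 117 and 280 both start at 0x10000), so the list appears to record mappings seen over the process lifetime rather than a single memory snapshot.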
Process:
id = "1"
image_name = "6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
page_root = "0x14264000"
os_pid = "0x1078"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x7b4"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe\" "
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 117
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 118
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 119
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 120
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 121
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 122
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 123
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 124
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 125
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 126
start_va = 0x400000
end_va = 0x4c9fff
monitored = 1
entry_point = 0x4c4df2
region_type = mapped_file
name = "6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe")
Region:
id = 127
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 128
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 129
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 130
start_va = 0x7fff0000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 131
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 132
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
Region:
id = 271
start_va = 0x4d0000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 272
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 273
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 274
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 275
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 276
start_va = 0x640000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 277
start_va = 0x70450000
end_va = 0x704a8fff
monitored = 1
entry_point = 0x70460780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 278
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 279
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 280
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 281
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 282
start_va = 0x4d0000
end_va = 0x58dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 283
start_va = 0x630000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 284
start_va = 0x640000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 285
start_va = 0x830000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 286
start_va = 0x73e50000
end_va = 0x73ee1fff
monitored = 0
entry_point = 0x73e90380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 287
start_va = 0x7fb00000
end_va = 0x7fea0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 288
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 289
start_va = 0x76600000
end_va = 0x7667afff
monitored = 0
entry_point = 0x7661e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 290
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 291
start_va = 0x590000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 292
start_va = 0x640000
end_va = 0x73ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 293
start_va = 0x7d0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 294
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 295
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 296
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 297
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 298
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 299
start_va = 0x930000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 300
start_va = 0x6f7a0000
end_va = 0x6f81cfff
monitored = 1
entry_point = 0x6f7b0db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 301
start_va = 0x76d00000
end_va = 0x76d44fff
monitored = 0
entry_point = 0x76d1de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 302
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 303
start_va = 0x74ab0000
end_va = 0x74bfefff
monitored = 0
entry_point = 0x74b66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 304
start_va = 0x743d0000
end_va = 0x74516fff
monitored = 0
entry_point = 0x743e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 305
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 306
start_va = 0x9f0000
end_va = 0xb77fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009f0000"
filename = ""
Region:
id = 307
start_va = 0x741b0000
end_va = 0x741dafff
monitored = 0
entry_point = 0x741b5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 308
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 309
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 310
start_va = 0xb80000
end_va = 0xd00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b80000"
filename = ""
Region:
id = 311
start_va = 0xd10000
end_va = 0x210ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d10000"
filename = ""
Region:
id = 312
start_va = 0x2110000
end_va = 0x21d3fff
monitored = 1
entry_point = 0x21d4df2
region_type = mapped_file
name = "6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe")
Region:
id = 313
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 314
start_va = 0x70440000
end_va = 0x70447fff
monitored = 0
entry_point = 0x704417b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 315
start_va = 0x6f0b0000
end_va = 0x6f790fff
monitored = 1
entry_point = 0x6f0dcd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 316
start_va = 0x6efb0000
end_va = 0x6f0a4fff
monitored = 0
entry_point = 0x6f004160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 317
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 318
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 319
start_va = 0x5d0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 320
start_va = 0x5e0000
end_va = 0x5effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 321
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 322
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 323
start_va = 0x610000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 324
start_va = 0x620000
end_va = 0x620fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 325
start_va = 0x740000
end_va = 0x740fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 326
start_va = 0x2110000
end_va = 0x230ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 327
start_va = 0x2110000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 328
start_va = 0x2300000
end_va = 0x230ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 329
start_va = 0x750000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000750000"
filename = ""
Region:
id = 330
start_va = 0x2110000
end_va = 0x220ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 331
start_va = 0x2260000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002260000"
filename = ""
Region:
id = 332
start_va = 0x790000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 333
start_va = 0x2310000
end_va = 0x430ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 334
start_va = 0x930000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 335
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 336
start_va = 0x790000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 337
start_va = 0x4310000
end_va = 0x440ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004310000"
filename = ""
Region:
id = 338
start_va = 0x4410000
end_va = 0x4746fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 339
start_va = 0x6dcf0000
end_va = 0x6efa1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 340
start_va = 0x74dc0000
end_va = 0x74eaafff
monitored = 0
entry_point = 0x74dfd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 341
start_va = 0x4750000
end_va = 0x47e0fff
monitored = 0
entry_point = 0x4788cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 342
start_va = 0x72cb0000
end_va = 0x72d24fff
monitored = 0
entry_point = 0x72ce9a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 343
start_va = 0x4750000
end_va = 0x488ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004750000"
filename = ""
Region:
id = 344
start_va = 0x6d320000
end_va = 0x6dcebfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 345
start_va = 0x6cbf0000
end_va = 0x6d310fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")
Region:
id = 346
start_va = 0x6c800000
end_va = 0x6cbe2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "windowsbase.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\9a2107b30cbb02ca475f58ed046eff63\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\9a2107b30cbb02ca475f58ed046eff63\\windowsbase.ni.dll")
Region:
id = 347
start_va = 0x71200000
end_va = 0x71212fff
monitored = 0
entry_point = 0x71209950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 348
start_va = 0x70010000
end_va = 0x7003efff
monitored = 0
entry_point = 0x700295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 349
start_va = 0x71540000
end_va = 0x7155afff
monitored = 0
entry_point = 0x71549050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 350
start_va = 0x6bce0000
end_va = 0x6c7f8fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationcore.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\d7a637fdf68801e37fc897b530f9a8a6\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\d7a637fdf68801e37fc897b530f9a8a6\\presentationcore.ni.dll")
Region:
id = 351
start_va = 0x6aa40000
end_va = 0x6bcd2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationframework.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\56617af3d6fd992497999aec2be809a4\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\56617af3d6fd992497999aec2be809a4\\presentationframework.ni.dll")
Region:
id = 352
start_va = 0x7e0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 353
start_va = 0x6a9c0000
end_va = 0x6aa3ffff
monitored = 1
entry_point = 0x6a9c1180
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 354
start_va = 0x76680000
end_va = 0x76711fff
monitored = 0
entry_point = 0x766b8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 355
start_va = 0x7f0000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 356
start_va = 0x6a830000
end_va = 0x6a9befff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")
Region:
id = 357
start_va = 0x69bc0000
end_va = 0x6a826fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")
Region:
id = 358
start_va = 0x800000
end_va = 0x800fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 359
start_va = 0x800000
end_va = 0x801fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 360
start_va = 0x810000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 361
start_va = 0x2270000
end_va = 0x22fefff
monitored = 0
entry_point = 0x227dd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 362
start_va = 0x69b20000
end_va = 0x69bb1fff
monitored = 0
entry_point = 0x69b2dd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 363
start_va = 0x4750000
end_va = 0x47effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004750000"
filename = ""
Region:
id = 364
start_va = 0x4880000
end_va = 0x488ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004880000"
filename = ""
Region:
id = 365
start_va = 0x820000
end_va = 0x820fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 366
start_va = 0x4890000
end_va = 0x494bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004890000"
filename = ""
Region:
id = 367
start_va = 0x820000
end_va = 0x823fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 368
start_va = 0x9d0000
end_va = 0x9d3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 369
start_va = 0x4950000
end_va = 0x4b5afff
monitored = 0
entry_point = 0x49fb0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 370
start_va = 0x72dd0000
end_va = 0x72fdefff
monitored = 0
entry_point = 0x72e7b0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 371
start_va = 0x2210000
end_va = 0x2210fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 372
start_va = 0x2220000
end_va = 0x2221fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002220000"
filename = ""
Region:
id = 373
start_va = 0x4950000
end_va = 0x4b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 374
start_va = 0x72c90000
end_va = 0x72cacfff
monitored = 0
entry_point = 0x72c93b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 375
start_va = 0x2210000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 376
start_va = 0x2230000
end_va = 0x223ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 377
start_va = 0x2240000
end_va = 0x224ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 378
start_va = 0x699b0000
end_va = 0x69b1afff
monitored = 0
entry_point = 0x69a1e360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 379
start_va = 0x4950000
end_va = 0x4a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 380
start_va = 0x4b00000
end_va = 0x4b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b00000"
filename = ""
Region:
id = 381
start_va = 0x2270000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002270000"
filename = ""
Region:
id = 382
start_va = 0x4950000
end_va = 0x4a4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 383
start_va = 0x4a70000
end_va = 0x4a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a70000"
filename = ""
Region:
id = 384
start_va = 0x764e0000
end_va = 0x765fefff
monitored = 0
entry_point = 0x76525980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 385
start_va = 0x70b70000
end_va = 0x70d60fff
monitored = 0
entry_point = 0x70c53cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 386
start_va = 0x22b0000
end_va = 0x22f8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 387
start_va = 0x2210000
end_va = 0x2213fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 388
start_va = 0x4b10000
end_va = 0x5b0ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 389
start_va = 0x2230000
end_va = 0x2233fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 390
start_va = 0x5b10000
end_va = 0x5c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b10000"
filename = ""
Region:
id = 391
start_va = 0x5c10000
end_va = 0x5d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005c10000"
filename = ""
Region:
id = 392
start_va = 0x5d10000
end_va = 0x6201fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005d10000"
filename = ""
Region:
id = 393
start_va = 0x6210000
end_va = 0x62ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 394
start_va = 0x62d0000
end_va = 0x66cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000062d0000"
filename = ""
Region:
id = 395
start_va = 0x66d0000
end_va = 0x67affff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 396
start_va = 0x67b0000
end_va = 0x684efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 397
start_va = 0x6850000
end_va = 0x68effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 398
start_va = 0x68f0000
end_va = 0x792ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 399
start_va = 0x2240000
end_va = 0x2240fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002240000"
filename = ""
Region:
id = 400
start_va = 0x4750000
end_va = 0x47b1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 401
start_va = 0x47e0000
end_va = 0x47effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047e0000"
filename = ""
Region:
id = 402
start_va = 0x2250000
end_va = 0x225ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002250000"
filename = ""
Region:
id = 403
start_va = 0x47c0000
end_va = 0x47cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 404
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 405
start_va = 0x47c0000
end_va = 0x47cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 406
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 407
start_va = 0x47f0000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 408
start_va = 0x4800000
end_va = 0x480ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 409
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 410
start_va = 0x47f0000
end_va = 0x482ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 411
start_va = 0x7930000
end_va = 0x7a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007930000"
filename = ""
Region:
id = 412
start_va = 0x7a30000
end_va = 0x8a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a30000"
filename = ""
Region:
id = 413
start_va = 0x8a30000
end_va = 0x8c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008a30000"
filename = ""
Region:
id = 414
start_va = 0x8c10000
end_va = 0x9c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008c10000"
filename = ""
Region:
id = 415
start_va = 0x9c10000
end_va = 0x9fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009c10000"
filename = ""
Region:
id = 416
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 417
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 418
start_va = 0x4830000
end_va = 0x486ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004830000"
filename = ""
Region:
id = 419
start_va = 0x4a80000
end_va = 0x4abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a80000"
filename = ""
Region:
id = 420
start_va = 0x9fc0000
end_va = 0xa0bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009fc0000"
filename = ""
Region:
id = 421
start_va = 0xa0c0000
end_va = 0xa1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a0c0000"
filename = ""
Region:
id = 422
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 423
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 424
start_va = 0x47d0000
end_va = 0x47d2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000047d0000"
filename = ""
Region:
id = 425
start_va = 0x47f0000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 426
start_va = 0x47f0000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 427
start_va = 0x47f0000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 428
start_va = 0x7930000
end_va = 0x79affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007930000"
filename = ""
Region:
id = 429
start_va = 0xa1c0000
end_va = 0xa2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a1c0000"
filename = ""
Region:
id = 430
start_va = 0x69830000
end_va = 0x699a2fff
monitored = 0
entry_point = 0x698dd220
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 431
start_va = 0xa2c0000
end_va = 0xa342fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a2c0000"
filename = ""
Region:
id = 432
start_va = 0x4800000
end_va = 0x482ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 433
start_va = 0x4800000
end_va = 0x480ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004800000"
filename = ""
Region:
id = 434
start_va = 0x4810000
end_va = 0x481ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004810000"
filename = ""
Region:
id = 435
start_va = 0x4820000
end_va = 0x482ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004820000"
filename = ""
Region:
id = 436
start_va = 0x930000
end_va = 0x9b2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000930000"
filename = ""
Region:
id = 437
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 438
start_va = 0x69110000
end_va = 0x6982dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")
Region:
id = 439
start_va = 0x4870000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004870000"
filename = ""
Region:
id = 440
start_va = 0x5e430000
end_va = 0x5e4cbfff
monitored = 1
entry_point = 0x5e4be9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 441
start_va = 0xa350000
end_va = 0xa3ebfff
monitored = 1
entry_point = 0xa3de9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 442
start_va = 0x4a50000
end_va = 0x4a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a50000"
filename = ""
Region:
id = 443
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 444
start_va = 0x4ac0000
end_va = 0x4acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 445
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 446
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 447
start_va = 0x4af0000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004af0000"
filename = ""
Region:
id = 448
start_va = 0x79b0000
end_va = 0x79bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079b0000"
filename = ""
Region:
id = 449
start_va = 0x79c0000
end_va = 0x79cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079c0000"
filename = ""
Region:
id = 450
start_va = 0x79d0000
end_va = 0x79dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079d0000"
filename = ""
Region:
id = 451
start_va = 0x79e0000
end_va = 0x79effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079e0000"
filename = ""
Region:
id = 452
start_va = 0x79f0000
end_va = 0x79fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079f0000"
filename = ""
Region:
id = 453
start_va = 0x7a00000
end_va = 0x7a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a00000"
filename = ""
Region:
id = 454
start_va = 0x7a10000
end_va = 0x7a1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a10000"
filename = ""
Region:
id = 455
start_va = 0x7a20000
end_va = 0x7a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a20000"
filename = ""
Region:
id = 456
start_va = 0xa3f0000
end_va = 0xa3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a3f0000"
filename = ""
Region:
id = 457
start_va = 0xa400000
end_va = 0xa40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a400000"
filename = ""
Region:
id = 458
start_va = 0xa410000
end_va = 0xa41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a410000"
filename = ""
Region:
id = 459
start_va = 0xa420000
end_va = 0xa42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a420000"
filename = ""
Region:
id = 460
start_va = 0xa430000
end_va = 0xa43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a430000"
filename = ""
Region:
id = 461
start_va = 0xa440000
end_va = 0xa44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a440000"
filename = ""
Region:
id = 462
start_va = 0xa450000
end_va = 0xa45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a450000"
filename = ""
Region:
id = 463
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 464
start_va = 0x4ac0000
end_va = 0x4acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 465
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 466
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 467
start_va = 0x4ac0000
end_va = 0x4acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 468
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 469
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 470
start_va = 0x4ac0000
end_va = 0x4acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 471
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 472
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 473
start_va = 0x4af0000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004af0000"
filename = ""
Region:
id = 474
start_va = 0x79b0000
end_va = 0x79bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079b0000"
filename = ""
Region:
id = 475
start_va = 0x79c0000
end_va = 0x79cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079c0000"
filename = ""
Region:
id = 476
start_va = 0x79d0000
end_va = 0x79dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079d0000"
filename = ""
Region:
id = 477
start_va = 0x79e0000
end_va = 0x79effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079e0000"
filename = ""
Region:
id = 478
start_va = 0x79f0000
end_va = 0x79fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079f0000"
filename = ""
Region:
id = 479
start_va = 0x7a00000
end_va = 0x7a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a00000"
filename = ""
Region:
id = 480
start_va = 0x7a10000
end_va = 0x7a1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a10000"
filename = ""
Region:
id = 481
start_va = 0x7a20000
end_va = 0x7a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a20000"
filename = ""
Region:
id = 482
start_va = 0xa3f0000
end_va = 0xa3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a3f0000"
filename = ""
Region:
id = 483
start_va = 0xa400000
end_va = 0xa40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a400000"
filename = ""
Region:
id = 484
start_va = 0xa410000
end_va = 0xa41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a410000"
filename = ""
Region:
id = 485
start_va = 0xa420000
end_va = 0xa42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a420000"
filename = ""
Region:
id = 486
start_va = 0xa430000
end_va = 0xa43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a430000"
filename = ""
Region:
id = 487
start_va = 0xa440000
end_va = 0xa44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a440000"
filename = ""
Region:
id = 488
start_va = 0xa460000
end_va = 0xa46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a460000"
filename = ""
Region:
id = 489
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 490
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 491
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 492
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 493
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 494
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 495
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 496
start_va = 0x4ac0000
end_va = 0x4acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 497
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 498
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 499
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 500
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 501
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 502
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 503
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 504
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 505
start_va = 0x79b0000
end_va = 0x79effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079b0000"
filename = ""
Region:
id = 506
start_va = 0xa460000
end_va = 0xa55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a460000"
filename = ""
Region:
id = 507
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 508
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 509
start_va = 0xa560000
end_va = 0xa65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a560000"
filename = ""
Region:
id = 510
start_va = 0x74eb0000
end_va = 0x762aefff
monitored = 0
entry_point = 0x7506b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 511
start_va = 0x76800000
end_va = 0x76836fff
monitored = 0
entry_point = 0x76803b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 512
start_va = 0x745b0000
end_va = 0x74aa8fff
monitored = 0
entry_point = 0x747b7610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 513
start_va = 0x74520000
end_va = 0x745acfff
monitored = 0
entry_point = 0x74569b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 514
start_va = 0x76470000
end_va = 0x764b3fff
monitored = 0
entry_point = 0x76477410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 515
start_va = 0x73f20000
end_va = 0x73f2efff
monitored = 0
entry_point = 0x73f22e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 516
start_va = 0x4ad0000
end_va = 0x4ad0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004ad0000"
filename = ""
Region:
id = 517
start_va = 0x690e0000
end_va = 0x69107fff
monitored = 0
entry_point = 0x690e7820
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 518
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 519
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 520
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 521
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 522
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 523
start_va = 0x69060000
end_va = 0x690d0fff
monitored = 0
entry_point = 0x690b69e0
region_type = mapped_file
name = "efswrt.dll"
filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll")
Region:
id = 524
start_va = 0x6f9c0000
end_va = 0x6fa87fff
monitored = 0
entry_point = 0x6fa2ae90
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll")
Region:
id = 525
start_va = 0x69010000
end_va = 0x69058fff
monitored = 0
entry_point = 0x69016450
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll")
Region:
id = 526
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 527
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 528
start_va = 0x68ef0000
end_va = 0x6900cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll")
Region:
id = 529
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 530
start_va = 0x79f0000
end_va = 0x7a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079f0000"
filename = ""
Region:
id = 531
start_va = 0xa660000
end_va = 0xa75ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a660000"
filename = ""
Region:
id = 532
start_va = 0x6f820000
end_va = 0x6f96afff
monitored = 0
entry_point = 0x6f881660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 533
start_va = 0xa3f0000
end_va = 0xa42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a3f0000"
filename = ""
Region:
id = 534
start_va = 0xa760000
end_va = 0xa85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a760000"
filename = ""
Region:
id = 535
start_va = 0x4af0000
end_va = 0x4af0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004af0000"
filename = ""
Region:
id = 536
start_va = 0x74340000
end_va = 0x743c3fff
monitored = 0
entry_point = 0x74366220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 537
start_va = 0x6fdf0000
end_va = 0x7000bfff
monitored = 0
entry_point = 0x6ffbbc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Region:
id = 538
start_va = 0xa430000
end_va = 0xa430fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a430000"
filename = ""
Region:
id = 539
start_va = 0xa860000
end_va = 0xa89ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a860000"
filename = ""
Region:
id = 540
start_va = 0xa8a0000
end_va = 0xa99ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a8a0000"
filename = ""
Region:
id = 541
start_va = 0xa440000
end_va = 0xa443fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 542
start_va = 0xa9a0000
end_va = 0xa9b3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db")
Region:
id = 543
start_va = 0xa9c0000
end_va = 0xa9c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a9c0000"
filename = ""
Region:
id = 544
start_va = 0xa9d0000
end_va = 0xaa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a9d0000"
filename = ""
Region:
id = 545
start_va = 0xaa10000
end_va = 0xab0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000aa10000"
filename = ""
Region:
id = 546
start_va = 0xa440000
end_va = 0xa443fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 547
start_va = 0xab10000
end_va = 0xab54fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 548
start_va = 0xab60000
end_va = 0xab63fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 549
start_va = 0xab70000
end_va = 0xabfdfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 550
start_va = 0xac00000
end_va = 0xac10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 551
start_va = 0x71780000
end_va = 0x718fdfff
monitored = 0
entry_point = 0x717fc630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 552
start_va = 0x73b80000
end_va = 0x73e4afff
monitored = 0
entry_point = 0x73dbc4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 553
start_va = 0xac20000
end_va = 0xac20fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000ac20000"
filename = ""
Region:
id = 1215
start_va = 0x79f0000
end_va = 0x79fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079f0000"
filename = ""
Region:
id = 1216
start_va = 0x7a00000
end_va = 0x7a0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a00000"
filename = ""
Region:
id = 1217
start_va = 0x7a10000
end_va = 0x7a1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a10000"
filename = ""
Region:
id = 1218
start_va = 0x7a20000
end_va = 0x7a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a20000"
filename = ""
Region:
id = 1219
start_va = 0xa660000
end_va = 0xa66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a660000"
filename = ""
Region:
id = 1220
start_va = 0xa670000
end_va = 0xa67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a670000"
filename = ""
Region:
id = 1221
start_va = 0xa680000
end_va = 0xa68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a680000"
filename = ""
Region:
id = 1222
start_va = 0xa690000
end_va = 0xa69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a690000"
filename = ""
Region:
id = 1223
start_va = 0xa6a0000
end_va = 0xa6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6a0000"
filename = ""
Region:
id = 1224
start_va = 0xa6b0000
end_va = 0xa6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6b0000"
filename = ""
Region:
id = 1225
start_va = 0xa6c0000
end_va = 0xa6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6c0000"
filename = ""
Region:
id = 1226
start_va = 0xa6d0000
end_va = 0xa6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6d0000"
filename = ""
Region:
id = 1227
start_va = 0xa6e0000
end_va = 0xa6effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6e0000"
filename = ""
Region:
id = 1228
start_va = 0xa6f0000
end_va = 0xa6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6f0000"
filename = ""
Region:
id = 1229
start_va = 0xa700000
end_va = 0xa70ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a700000"
filename = ""
Region:
id = 1230
start_va = 0xa710000
end_va = 0xa71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a710000"
filename = ""
Region:
id = 1231
start_va = 0xa720000
end_va = 0xa72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a720000"
filename = ""
Region:
id = 1232
start_va = 0x79f0000
end_va = 0x7a28fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000079f0000"
filename = ""
Region:
id = 1233
start_va = 0xa660000
end_va = 0xa66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a660000"
filename = ""
Region:
id = 1234
start_va = 0xa660000
end_va = 0xa66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a660000"
filename = ""
Region:
id = 1235
start_va = 0xa670000
end_va = 0xa67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a670000"
filename = ""
Region:
id = 1236
start_va = 0xa680000
end_va = 0xa68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a680000"
filename = ""
Region:
id = 1237
start_va = 0xa690000
end_va = 0xa69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a690000"
filename = ""
Region:
id = 1269
start_va = 0xa660000
end_va = 0xa69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a660000"
filename = ""
Region:
id = 1270
start_va = 0xac30000
end_va = 0xad2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000ac30000"
filename = ""
Region:
id = 1285
start_va = 0xa6a0000
end_va = 0xa6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6a0000"
filename = ""
Region:
id = 1286
start_va = 0xad30000
end_va = 0xae2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000ad30000"
filename = ""
Thread:
id = 1
os_tid = 0x144
[0092.457] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0093.797] RoInitialize () returned 0x1
[0093.798] RoUninitialize () returned 0x0
[0100.630] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19de58 | out: phkResult=0x19de58*=0x0) returned 0x2
[0100.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0100.660] IsAppThemed () returned 0x1
[0100.665] CoTaskMemAlloc (cb=0xf0) returned 0x8825d0
[0100.665] CreateActCtxA (pActCtx=0x19f418) returned 0x8a0d34
[0100.860] CoTaskMemFree (pv=0x8825d0)
[0100.885] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1df
[0100.887] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1de
[0100.948] GetSystemMetrics (nIndex=75) returned 1
[0100.956] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0101.950] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x69b20000
[0102.030] AdjustWindowRectEx (in: lpRect=0x19f458, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f458) returned 1
[0102.033] GetCurrentProcess () returned 0xffffffff
[0102.033] GetCurrentThread () returned 0xfffffffe
[0102.033] GetCurrentProcess () returned 0xffffffff
[0102.033] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f370, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f370*=0x298) returned 1
[0102.037] GetCurrentThreadId () returned 0x144
[0102.049] GetCurrentActCtx (in: lphActCtx=0x19f2d0 | out: lphActCtx=0x19f2d0*=0x0) returned 1
[0102.050] ActivateActCtx (in: hActCtx=0x8a0d34, lpCookie=0x19f2e0 | out: hActCtx=0x8a0d34, lpCookie=0x19f2e0) returned 1
[0102.050] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0103.267] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72dd0000
[0103.282] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000
[0103.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f194, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWÜi;z1z(ú\x0bohö\x19", lpUsedDefaultChar=0x0) returned 14
[0103.282] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x73e807e0
[0103.283] GetStockObject (i=5) returned 0x1900015
[0103.287] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0103.314] CoTaskMemAlloc (cb=0x5c) returned 0x887438
[0103.314] RegisterClassW (lpWndClass=0x19f184) returned 0xc1b7
[0103.315] CoTaskMemFree (pv=0x887438)
[0103.316] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0103.316] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x70132
[0103.319] SetWindowLongW (hWnd=0x70132, nIndex=-4, dwNewLong=1944586208) returned 78644670
[0103.320] GetWindowLongW (hWnd=0x70132, nIndex=-4) returned 1944586208
[0103.321] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e9e4 | out: phkResult=0x19e9e4*=0x2b4) returned 0x0
[0103.322] RegQueryValueExW (in: hKey=0x2b4, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19ea04, lpData=0x0, lpcbData=0x19ea00*=0x0 | out: lpType=0x19ea04*=0x0, lpData=0x0, lpcbData=0x19ea00*=0x0) returned 0x2
[0103.322] RegQueryValueExW (in: hKey=0x2b4, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19ea04, lpData=0x0, lpcbData=0x19ea00*=0x0 | out: lpType=0x19ea04*=0x0, lpData=0x0, lpcbData=0x19ea00*=0x0) returned 0x2
[0103.323] RegCloseKey (hKey=0x2b4) returned 0x0
[0103.325] SetWindowLongW (hWnd=0x70132, nIndex=-4, dwNewLong=78644710) returned 1944586208
[0103.326] GetWindowLongW (hWnd=0x70132, nIndex=-4) returned 78644710
[0103.326] GetWindowLongW (hWnd=0x70132, nIndex=-16) returned 113311744
[0103.327] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc14b
[0103.327] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x70132, Msg=0x24, wParam=0x0, lParam=0x19ecfc) returned 0x0
[0103.327] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1b6
[0103.328] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x70132, Msg=0x81, wParam=0x0, lParam=0x19ecf0) returned 0x1
[0103.330] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x70132, Msg=0x83, wParam=0x0, lParam=0x19ecdc) returned 0x0
[0103.720] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x70132, Msg=0x1, wParam=0x0, lParam=0x19ecf0) returned 0x0
[0103.721] GetClientRect (in: hWnd=0x70132, lpRect=0x19ea1c | out: lpRect=0x19ea1c) returned 1
[0103.721] GetWindowRect (in: hWnd=0x70132, lpRect=0x19ea1c | out: lpRect=0x19ea1c) returned 1
[0103.724] GetParent (hWnd=0x70132) returned 0x0
[0103.725] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1f600001) returned 1
[0104.618] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.618] AdjustWindowRectEx (in: lpRect=0x19f208, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f208) returned 1
[0104.624] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.624] AdjustWindowRectEx (in: lpRect=0x19f218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f218) returned 1
[0104.624] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.625] AdjustWindowRectEx (in: lpRect=0x19f218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f218) returned 1
[0104.625] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.625] AdjustWindowRectEx (in: lpRect=0x19f218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f218) returned 1
[0104.625] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.625] AdjustWindowRectEx (in: lpRect=0x19f218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f218) returned 1
[0104.625] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.625] AdjustWindowRectEx (in: lpRect=0x19f218, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f218) returned 1
[0104.625] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.625] AdjustWindowRectEx (in: lpRect=0x19f208, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f208) returned 1
[0104.627] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.628] AdjustWindowRectEx (in: lpRect=0x19f21c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f21c) returned 1
[0104.628] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.628] AdjustWindowRectEx (in: lpRect=0x19f21c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f21c) returned 1
[0104.628] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0104.628] AdjustWindowRectEx (in: lpRect=0x19f208, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f208) returned 1
[0104.721] GetCurrentThreadId () returned 0x144
[0104.721] GetCurrentThreadId () returned 0x144
[0104.930] GetSystemDefaultLCID () returned 0x409
[0104.930] GetStockObject (i=17) returned 0x10a0047
[0104.932] GetObjectW (in: h=0x10a0047, c=92, pv=0x19f06c | out: pv=0x19f06c) returned 92
[0104.934] GetDC (hWnd=0x0) returned 0xa0100d0
[0105.654] GdiplusStartup (in: token=0x5f9138, input=0x19e628, output=0x19e678 | out: token=0x5f9138, output=0x19e678) returned 0x0
[0105.668] CoTaskMemAlloc (cb=0x5c) returned 0x887778
[0106.393] GdipCreateFontFromLogfontW (hdc=0xa0100d0, logfont=0x887778, font=0x19f134) returned 0x0
[0107.155] CoTaskMemFree (pv=0x887778)
[0107.156] CoTaskMemAlloc (cb=0x5c) returned 0x8879e8
[0107.157] CoTaskMemFree (pv=0x8879e8)
[0107.157] CoTaskMemAlloc (cb=0x5c) returned 0x887438
[0107.157] CoTaskMemFree (pv=0x887438)
[0107.157] GdipGetFontUnit (font=0x4a71f08, unit=0x19f100) returned 0x0
[0107.157] GdipGetFontSize (font=0x4a71f08, size=0x19f104) returned 0x0
[0107.157] GdipGetFontStyle (font=0x4a71f08, style=0x19f0fc) returned 0x0
[0107.158] GdipGetFamily (font=0x4a71f08, family=0x19f0f8) returned 0x0
[0107.158] GdipGetFontSize (font=0x4a71f08, size=0x231a35c) returned 0x0
[0107.158] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0107.164] GetDC (hWnd=0x0) returned 0x30010545
[0107.164] GdipCreateFromHDC (hdc=0x30010545, graphics=0x19f11c) returned 0x0
[0107.172] GdipGetDpiY (graphics=0x5c1f268, dpi=0x231a464) returned 0x0
[0107.172] GdipGetFontHeight (font=0x4a71f08, graphics=0x5c1f268, height=0x19f114) returned 0x0
[0107.173] GdipGetEmHeight (family=0x5c150a0, style=0, EmHeight=0x19f11c) returned 0x0
[0107.173] GdipGetLineSpacing (family=0x5c150a0, style=0, LineSpacing=0x19f11c) returned 0x0
[0107.173] GdipDeleteGraphics (graphics=0x5c1f268) returned 0x0
[0107.175] ReleaseDC (hWnd=0x0, hDC=0x30010545) returned 1
[0107.176] GdipCreateFont (fontFamily=0x5c150a0, emSize=0x41040000, style=0, unit=0x3, font=0x231a424) returned 0x0
[0107.176] GdipGetFontSize (font=0x4a7efc0, size=0x231a428) returned 0x0
[0107.176] GdipDeleteFont (font=0x4a71f08) returned 0x0
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.178] GetCurrentThreadId () returned 0x144
[0107.180] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.180] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f1a8) returned 1
[0107.199] GetProcessWindowStation () returned 0xf0
[0107.204] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x231ad00, nLength=0xc, lpnLengthNeeded=0x19f084 | out: pvInfo=0x231ad00, lpnLengthNeeded=0x19f084) returned 1
[0107.207] SetConsoleCtrlHandler (HandlerRoutine=0x4b0060e, Add=1) returned 1
[0107.207] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0107.208] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0107.209] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x231ad64 | out: lpWndClass=0x231ad64) returned 0
[0107.211] CoTaskMemAlloc (cb=0x58) returned 0x89db60
[0107.211] RegisterClassW (lpWndClass=0x19efd4) returned 0xc1da
[0107.212] CoTaskMemFree (pv=0x89db60)
[0107.213] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xa035a
[0107.223] NtdllDefWindowProc_W (hWnd=0xa035a, Msg=0x81, wParam=0x0, lParam=0x19eb10) returned 0x1
[0107.226] NtdllDefWindowProc_W (hWnd=0xa035a, Msg=0x83, wParam=0x0, lParam=0x19eafc) returned 0x0
[0107.227] NtdllDefWindowProc_W (hWnd=0xa035a, Msg=0x1, wParam=0x0, lParam=0x19eb10) returned 0x0
[0107.227] NtdllDefWindowProc_W (hWnd=0xa035a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0107.227] NtdllDefWindowProc_W (hWnd=0xa035a, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0107.237] GetSysColor (nIndex=10) returned 0xb4b4b4
[0107.237] GetSysColor (nIndex=2) returned 0xd1b499
[0107.237] GetSysColor (nIndex=9) returned 0x0
[0107.237] GetSysColor (nIndex=12) returned 0xababab
[0107.237] GetSysColor (nIndex=15) returned 0xf0f0f0
[0107.237] GetSysColor (nIndex=20) returned 0xffffff
[0107.237] GetSysColor (nIndex=16) returned 0xa0a0a0
[0107.237] GetSysColor (nIndex=15) returned 0xf0f0f0
[0107.238] GetSysColor (nIndex=16) returned 0xa0a0a0
[0107.238] GetSysColor (nIndex=21) returned 0x696969
[0107.238] GetSysColor (nIndex=22) returned 0xe3e3e3
[0107.238] GetSysColor (nIndex=20) returned 0xffffff
[0107.238] GetSysColor (nIndex=18) returned 0x0
[0107.238] GetSysColor (nIndex=1) returned 0x0
[0107.238] GetSysColor (nIndex=27) returned 0xead1b9
[0107.238] GetSysColor (nIndex=28) returned 0xf2e4d7
[0107.238] GetSysColor (nIndex=17) returned 0x6d6d6d
[0107.238] GetSysColor (nIndex=13) returned 0xff9933
[0107.238] GetSysColor (nIndex=14) returned 0xffffff
[0107.238] GetSysColor (nIndex=26) returned 0xcc6600
[0107.238] GetSysColor (nIndex=11) returned 0xfcf7f4
[0107.238] GetSysColor (nIndex=3) returned 0xdbcdbf
[0107.238] GetSysColor (nIndex=19) returned 0x0
[0107.238] GetSysColor (nIndex=24) returned 0xe1ffff
[0107.238] GetSysColor (nIndex=23) returned 0x0
[0107.238] GetSysColor (nIndex=4) returned 0xf0f0f0
[0107.238] GetSysColor (nIndex=30) returned 0xf0f0f0
[0107.238] GetSysColor (nIndex=29) returned 0xff9933
[0107.238] GetSysColor (nIndex=7) returned 0x0
[0107.238] GetSysColor (nIndex=0) returned 0xc8c8c8
[0107.238] GetSysColor (nIndex=5) returned 0xffffff
[0107.239] GetSysColor (nIndex=6) returned 0x646464
[0107.239] GetSysColor (nIndex=8) returned 0x0
[0107.239] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.239] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f1a8) returned 1
[0107.245] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.245] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.246] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.246] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.254] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.254] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.254] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.254] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.254] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.255] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.255] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.255] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.255] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.255] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.255] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.255] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.255] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.255] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.256] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.256] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1a8) returned 1
[0107.256] GetCurrentThreadId () returned 0x144
[0107.256] GetCurrentThreadId () returned 0x144
[0107.256] GetCurrentThreadId () returned 0x144
[0107.256] GetCurrentThreadId () returned 0x144
[0107.256] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.256] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f1a8) returned 1
[0107.256] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.256] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f1a8) returned 1
[0107.259] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.260] AdjustWindowRectEx (in: lpRect=0x19f05c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f05c) returned 1
[0107.264] GdipGetFamilyName (in: family=0x5c150a0, name=0x19f028, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0107.265] CreateCompatibleDC (hdc=0x0) returned 0x31010607
[0107.266] GetCurrentObject (hdc=0x31010607, type=0x1) returned 0x1b00017
[0107.266] GetCurrentObject (hdc=0x31010607, type=0x2) returned 0x1900010
[0107.266] GetCurrentObject (hdc=0x31010607, type=0x7) returned 0x185000f
[0107.267] GetCurrentObject (hdc=0x31010607, type=0x6) returned 0x18a0048
[0107.267] SaveDC (hdc=0x31010607) returned 1
[0107.267] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.272] CoTaskMemAlloc (cb=0x5c) returned 0x887710
[0107.272] CreateFontIndirectW (lplf=0x887710) returned 0x180a0606
[0107.272] CoTaskMemFree (pv=0x887710)
[0107.272] GetObjectW (in: h=0x180a0606, c=92, pv=0x19efec | out: pv=0x19efec) returned 92
[0107.282] GetCurrentObject (hdc=0x31010607, type=0x6) returned 0x18a0048
[0107.282] GetObjectW (in: h=0x18a0048, c=92, pv=0x19efd4 | out: pv=0x19efd4) returned 92
[0107.283] SelectObject (hdc=0x31010607, h=0x180a0606) returned 0x18a0048
[0107.287] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231bec0 | out: psizl=0x231bec0) returned 1
[0107.300] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.300] AdjustWindowRectEx (in: lpRect=0x19f130, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f130) returned 1
[0107.301] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x19f1f8) returned 0x0
[0107.301] GdipCreateFont (fontFamily=0x5c11090, emSize=0x417c0000, style=1, unit=0x3, font=0x231bf9c) returned 0x0
[0107.460] GdipGetFontSize (font=0x4a71f08, size=0x231bfa0) returned 0x0
[0107.460] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.460] AdjustWindowRectEx (in: lpRect=0x19f014, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f014) returned 1
[0107.461] GdipGetFamilyName (in: family=0x5c11090, name=0x19efe0, language=0x409 | out: name="Arial") returned 0x0
[0107.461] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.461] CoTaskMemAlloc (cb=0x5c) returned 0x8879e8
[0107.461] CreateFontIndirectW (lplf=0x8879e8) returned 0x120a0605
[0107.461] CoTaskMemFree (pv=0x8879e8)
[0107.461] GetObjectW (in: h=0x120a0605, c=92, pv=0x19efa4 | out: pv=0x19efa4) returned 92
[0107.461] SelectObject (hdc=0x31010607, h=0x120a0605) returned 0x180a0606
[0107.463] DeleteObject (ho=0x180a0606) returned 1
[0107.463] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231c250 | out: psizl=0x231c250) returned 1
[0107.468] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.469] AdjustWindowRectEx (in: lpRect=0x19f0e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e8) returned 1
[0107.493] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.493] AdjustWindowRectEx (in: lpRect=0x19f048, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f048) returned 1
[0107.493] GdipGetFamilyName (in: family=0x5c11090, name=0x19f014, language=0x409 | out: name="Arial") returned 0x0
[0107.493] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.493] CoTaskMemAlloc (cb=0x5c) returned 0x887848
[0107.493] CreateFontIndirectW (lplf=0x887848) returned 0x190a0606
[0107.493] CoTaskMemFree (pv=0x887848)
[0107.494] GetObjectW (in: h=0x190a0606, c=92, pv=0x19efd8 | out: pv=0x19efd8) returned 92
[0107.515] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231c430 | out: psizl=0x231c430) returned 1
[0107.516] DeleteObject (ho=0x190a0606) returned 1
[0107.516] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.516] AdjustWindowRectEx (in: lpRect=0x19f17c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f17c) returned 1
[0107.517] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.517] AdjustWindowRectEx (in: lpRect=0x19f048, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f048) returned 1
[0107.517] GdipGetFamilyName (in: family=0x5c11090, name=0x19f014, language=0x409 | out: name="Arial") returned 0x0
[0107.517] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.517] CoTaskMemAlloc (cb=0x5c) returned 0x887438
[0107.517] CreateFontIndirectW (lplf=0x887438) returned 0x1a0a0606
[0107.517] CoTaskMemFree (pv=0x887438)
[0107.517] GetObjectW (in: h=0x1a0a0606, c=92, pv=0x19efd8 | out: pv=0x19efd8) returned 92
[0107.517] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231c60c | out: psizl=0x231c60c) returned 1
[0107.517] DeleteObject (ho=0x1a0a0606) returned 1
[0107.518] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.518] AdjustWindowRectEx (in: lpRect=0x19f024, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f024) returned 1
[0107.540] GdipGetFamilyName (in: family=0x5c11090, name=0x19ef14, language=0x409 | out: name="Arial") returned 0x0
[0107.541] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.541] CoTaskMemAlloc (cb=0x5c) returned 0x887710
[0107.541] CreateFontIndirectW (lplf=0x887710) returned 0x1b0a0606
[0107.541] CoTaskMemFree (pv=0x887710)
[0107.541] GetObjectW (in: h=0x1b0a0606, c=92, pv=0x19eed8 | out: pv=0x19eed8) returned 92
[0107.542] GetMapMode (hdc=0x31010607) returned 1
[0107.542] GetTextMetricsW (in: hdc=0x31010607, lptm=0x19ef00 | out: lptm=0x19ef00) returned 1
[0107.543] DrawTextExW (in: hdc=0x31010607, lpchText="Chipu and Co.", cchText=13, lprc=0x19f00c, format=0x2400, lpdtp=0x231c8b0 | out: lpchText="Chipu and Co.", lprc=0x19f00c) returned 24
[0107.606] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.606] AdjustWindowRectEx (in: lpRect=0x19f0f8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0f8) returned 1
[0107.606] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.607] AdjustWindowRectEx (in: lpRect=0x19f05c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f05c) returned 1
[0107.607] GdipGetFamilyName (in: family=0x5c150a0, name=0x19f028, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0107.607] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.607] CoTaskMemAlloc (cb=0x5c) returned 0x8878b0
[0107.607] CreateFontIndirectW (lplf=0x8878b0) returned 0x220a0661
[0107.607] CoTaskMemFree (pv=0x8878b0)
[0107.607] GetObjectW (in: h=0x220a0661, c=92, pv=0x19efec | out: pv=0x19efec) returned 92
[0107.607] SelectObject (hdc=0x31010607, h=0x220a0661) returned 0x120a0605
[0107.607] DeleteObject (ho=0x120a0605) returned 1
[0107.607] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231cb20 | out: psizl=0x231cb20) returned 1
[0107.608] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.608] AdjustWindowRectEx (in: lpRect=0x19f130, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f130) returned 1
[0107.608] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x19f1f8) returned 0x0
[0107.608] GdipCreateFont (fontFamily=0x5c11090, emSize=0x417c0000, style=1, unit=0x3, font=0x231cc28) returned 0x0
[0107.608] GdipGetFontSize (font=0x5c1b080, size=0x231cc2c) returned 0x0
[0107.608] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.608] AdjustWindowRectEx (in: lpRect=0x19f014, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f014) returned 1
[0107.608] GdipGetFamilyName (in: family=0x5c11090, name=0x19efe0, language=0x409 | out: name="Arial") returned 0x0
[0107.609] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.609] CoTaskMemAlloc (cb=0x5c) returned 0x887848
[0107.609] CreateFontIndirectW (lplf=0x887848) returned 0x130a0605
[0107.609] CoTaskMemFree (pv=0x887848)
[0107.609] GetObjectW (in: h=0x130a0605, c=92, pv=0x19efa4 | out: pv=0x19efa4) returned 92
[0107.609] SelectObject (hdc=0x31010607, h=0x130a0605) returned 0x220a0661
[0107.609] DeleteObject (ho=0x220a0661) returned 1
[0107.609] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231ce94 | out: psizl=0x231ce94) returned 1
[0107.610] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.610] AdjustWindowRectEx (in: lpRect=0x19f0e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e8) returned 1
[0107.610] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.610] AdjustWindowRectEx (in: lpRect=0x19f048, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f048) returned 1
[0107.610] GdipGetFamilyName (in: family=0x5c11090, name=0x19f014, language=0x409 | out: name="Arial") returned 0x0
[0107.610] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.610] CoTaskMemAlloc (cb=0x5c) returned 0x887438
[0107.610] CreateFontIndirectW (lplf=0x887438) returned 0x230a0661
[0107.610] CoTaskMemFree (pv=0x887438)
[0107.610] GetObjectW (in: h=0x230a0661, c=92, pv=0x19efd8 | out: pv=0x19efd8) returned 92
[0107.610] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231d074 | out: psizl=0x231d074) returned 1
[0107.610] DeleteObject (ho=0x230a0661) returned 1
[0107.611] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.611] AdjustWindowRectEx (in: lpRect=0x19f17c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f17c) returned 1
[0107.611] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.611] AdjustWindowRectEx (in: lpRect=0x19f048, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f048) returned 1
[0107.611] GdipGetFamilyName (in: family=0x5c11090, name=0x19f014, language=0x409 | out: name="Arial") returned 0x0
[0107.611] GetDeviceCaps (hdc=0x31010607, index=90) returned 96
[0107.611] CoTaskMemAlloc (cb=0x5c) returned 0x887848
[0107.611] CreateFontIndirectW (lplf=0x887848) returned 0x240a0661
[0107.611] CoTaskMemFree (pv=0x887848)
[0107.611] GetObjectW (in: h=0x240a0661, c=92, pv=0x19efd8 | out: pv=0x19efd8) returned 92
[0107.612] GetTextExtentPoint32W (in: hdc=0x31010607, lpString="0", c=1, psizl=0x231d250 | out: psizl=0x231d250) returned 1
[0107.612] DeleteObject (ho=0x240a0661) returned 1
[0107.612] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.613] AdjustWindowRectEx (in: lpRect=0x19f024, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f024) returned 1
[0107.613] DrawTextExW (in: hdc=0x31010607, lpchText="LMS", cchText=3, lprc=0x19f00c, format=0x2400, lpdtp=0x231d2c4 | out: lpchText="LMS", lprc=0x19f00c) returned 24
[0107.613] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.614] AdjustWindowRectEx (in: lpRect=0x19f0f8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0f8) returned 1
[0107.614] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.614] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f1a8) returned 1
[0107.614] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.614] AdjustWindowRectEx (in: lpRect=0x19f1a8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f1a8) returned 1
[0107.615] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.615] AdjustWindowRectEx (in: lpRect=0x19f1dc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f1dc) returned 1
[0107.615] GetSystemMetrics (nIndex=59) returned 1456
[0107.615] GetSystemMetrics (nIndex=60) returned 916
[0107.615] GetSystemMetrics (nIndex=34) returned 136
[0107.615] GetSystemMetrics (nIndex=35) returned 39
[0107.616] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.616] AdjustWindowRectEx (in: lpRect=0x19f0dc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f0dc) returned 1
[0107.616] GetCurrentThreadId () returned 0x144
[0107.616] GetCurrentThreadId () returned 0x144
[0107.616] GetCurrentThreadId () returned 0x144
[0107.616] GetCurrentThreadId () returned 0x144
[0107.616] GetCurrentThreadId () returned 0x144
[0107.616] GetCurrentThreadId () returned 0x144
[0107.617] CreateCompatibleDC (hdc=0x0) returned 0x25010661
[0107.617] GetDC (hWnd=0x0) returned 0x30010545
[0107.618] GdipCreateFromHDC (hdc=0x30010545, graphics=0x19f02c) returned 0x0
[0107.618] CoTaskMemAlloc (cb=0x5c) returned 0x8879e8
[0107.618] GdipGetLogFontW (font=0x4a7efc0, graphics=0x5c1f3b8, logfontW=0x8879e8) returned 0x0
[0107.625] CoTaskMemFree (pv=0x8879e8)
[0107.625] CoTaskMemAlloc (cb=0x5c) returned 0x8878b0
[0107.625] CoTaskMemFree (pv=0x8878b0)
[0107.625] CoTaskMemAlloc (cb=0x5c) returned 0x887438
[0107.625] CoTaskMemFree (pv=0x887438)
[0107.625] GdipDeleteGraphics (graphics=0x5c1f3b8) returned 0x0
[0107.625] ReleaseDC (hWnd=0x0, hDC=0x30010545) returned 1
[0107.626] CoTaskMemAlloc (cb=0x5c) returned 0x887438
[0107.626] CreateFontIndirectW (lplf=0x887438) returned 0x540a08fe
[0107.626] CoTaskMemFree (pv=0x887438)
[0107.626] SelectObject (hdc=0x25010661, h=0x540a08fe) returned 0x18a0048
[0107.626] GetTextMetricsW (in: hdc=0x25010661, lptm=0x19f138 | out: lptm=0x19f138) returned 1
[0107.626] GetTextExtentPoint32W (in: hdc=0x25010661, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x231d76c | out: psizl=0x231d76c) returned 1
[0107.627] SelectObject (hdc=0x25010661, h=0x18a0048) returned 0x540a08fe
[0107.627] DeleteDC (hdc=0x25010661) returned 1
[0107.627] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.628] AdjustWindowRectEx (in: lpRect=0x19f118, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f118) returned 1
[0107.628] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.628] AdjustWindowRectEx (in: lpRect=0x19ef7c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19ef7c) returned 1
[0107.628] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.628] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.628] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.629] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.629] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.629] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.629] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.629] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.629] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.629] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.629] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.630] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.630] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.630] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.630] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.630] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.630] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.630] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.630] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.631] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.631] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.631] AdjustWindowRectEx (in: lpRect=0x19f118, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f118) returned 1
[0107.631] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.631] AdjustWindowRectEx (in: lpRect=0x19ef7c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19ef7c) returned 1
[0107.631] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.631] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.631] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.631] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.632] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.632] AdjustWindowRectEx (in: lpRect=0x19eda4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eda4) returned 1
[0107.632] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.632] AdjustWindowRectEx (in: lpRect=0x19f0e4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f0e4) returned 1
[0107.632] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.632] AdjustWindowRectEx (in: lpRect=0x19ef48, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ef48) returned 1
[0107.632] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.632] AdjustWindowRectEx (in: lpRect=0x19eda4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eda4) returned 1
[0107.633] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.633] AdjustWindowRectEx (in: lpRect=0x19ee90, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19ee90) returned 1
[0107.633] AdjustWindowRectEx (in: lpRect=0x19f0b0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f0b0) returned 1
[0107.634] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.635] AdjustWindowRectEx (in: lpRect=0x19ee08, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19ee08) returned 1
[0107.635] AdjustWindowRectEx (in: lpRect=0x19eee8, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19eee8) returned 1
[0107.635] GetSystemMetrics (nIndex=34) returned 136
[0107.635] GetSystemMetrics (nIndex=35) returned 39
[0107.635] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.635] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19f078) returned 1
[0107.635] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69b20000
[0107.635] AdjustWindowRectEx (in: lpRect=0x19eedc, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19eedc) returned 1
[0107.736] EtwEventRegister (in: ProviderId=0x231e1ac, EnableCallback=0x4b0065e, CallbackContext=0x0, RegHandle=0x231e188 | out: RegHandle=0x231e188) returned 0x0
[0107.740] EtwEventSetInformation (RegHandle=0x8a7b90, InformationClass=0x32, EventInformation=0x2, InformationLength=0x231e11c) returned 0x0
[0107.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config", lpFilePart=0x0) returned 0x69
[0107.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb0) returned 1
[0107.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19ef2c | out: lpFileInformation=0x19ef2c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0107.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeac) returned 1
[0108.361] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f168 | out: pfEnabled=0x19f168) returned 0x0
[0108.540] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa00, lpName=0x0) returned 0x2f8
[0108.541] memcpy (in: _Dst=0x2250000, _Src=0x233094c, _Size=0xfa00 | out: _Dst=0x2250000) returned 0x2250000
[0108.542] CloseHandle (hObject=0x2f8) returned 1
[0155.391] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2e00, lpName=0x0) returned 0x304
[0155.392] memcpy (in: _Dst=0x47d0000, _Src=0x233840c, _Size=0x2e00 | out: _Dst=0x47d0000) returned 0x47d0000
[0155.392] CloseHandle (hObject=0x304) returned 1
[0155.409] CoTaskMemAlloc (cb=0x20c) returned 0x8b72b8
[0155.409] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x8b72b8 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0155.410] CoTaskMemFree (pv=0x8b72b8)
[0155.410] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19def8, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0155.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19df0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0155.609] GdipLoadImageFromStream (stream=0x47f0030, image=0x19e960) returned 0x0
[0155.938] GdipImageForceValidation (image=0x5c1f3b8) returned 0x0
[0155.949] GdipGetImageType (image=0x5c1f3b8, type=0x19e95c) returned 0x0
[0155.950] GdipGetImageRawFormat (image=0x5c1f3b8, format=0x19e8d0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0155.965] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eee8) returned 0x0
[0155.967] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.967] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.967] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=0, color=0x19eed4) returned 0x0
[0155.990] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.990] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.990] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=1, color=0x19eed4) returned 0x0
[0155.990] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.990] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.990] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=2, color=0x19eed4) returned 0x0
[0155.991] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.991] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.991] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=3, color=0x19eed4) returned 0x0
[0155.991] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.991] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.991] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=4, color=0x19eed4) returned 0x0
[0155.991] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.991] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.991] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=5, color=0x19eed4) returned 0x0
[0155.991] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.991] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.991] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=6, color=0x19eed4) returned 0x0
[0155.991] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.991] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.991] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=7, color=0x19eed4) returned 0x0
[0155.992] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.992] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.992] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=8, color=0x19eed4) returned 0x0
[0155.992] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.992] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.992] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=9, color=0x19eed4) returned 0x0
[0155.992] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.992] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.992] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=10, color=0x19eed4) returned 0x0
[0155.992] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.992] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.992] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=11, color=0x19eed4) returned 0x0
[0155.992] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.992] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.992] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=12, color=0x19eed4) returned 0x0
[0155.993] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.993] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.993] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=13, color=0x19eed4) returned 0x0
[0155.993] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.993] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.993] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=14, color=0x19eed4) returned 0x0
[0155.993] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.993] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.993] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=15, color=0x19eed4) returned 0x0
[0155.993] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.993] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.993] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=16, color=0x19eed4) returned 0x0
[0155.993] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.993] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.994] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=17, color=0x19eed4) returned 0x0
[0155.994] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.994] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.994] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=18, color=0x19eed4) returned 0x0
[0155.994] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.994] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.994] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=19, color=0x19eed4) returned 0x0
[0155.994] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.994] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.994] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=20, color=0x19eed4) returned 0x0
[0155.994] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.994] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.994] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=21, color=0x19eed4) returned 0x0
[0155.994] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.994] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.995] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=22, color=0x19eed4) returned 0x0
[0155.995] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.995] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.995] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=23, color=0x19eed4) returned 0x0
[0155.995] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.995] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.995] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=24, color=0x19eed4) returned 0x0
[0155.995] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.995] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.995] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=25, color=0x19eed4) returned 0x0
[0155.995] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.995] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.995] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=26, color=0x19eed4) returned 0x0
[0155.995] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.996] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.996] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=27, color=0x19eed4) returned 0x0
[0155.996] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.996] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.996] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=28, color=0x19eed4) returned 0x0
[0155.996] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.996] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.996] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=29, color=0x19eed4) returned 0x0
[0155.996] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.996] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.996] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=30, color=0x19eed4) returned 0x0
[0155.996] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.996] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.996] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=31, color=0x19eed4) returned 0x0
[0155.996] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.997] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.997] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=32, color=0x19eed4) returned 0x0
[0155.997] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.997] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.997] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=33, color=0x19eed4) returned 0x0
[0155.997] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.997] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.997] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=34, color=0x19eed4) returned 0x0
[0155.997] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.997] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.997] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=35, color=0x19eed4) returned 0x0
[0155.997] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.997] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.997] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=36, color=0x19eed4) returned 0x0
[0155.997] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.998] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.998] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=37, color=0x19eed4) returned 0x0
[0155.998] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.998] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.998] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=38, color=0x19eed4) returned 0x0
[0155.998] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.998] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.998] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=39, color=0x19eed4) returned 0x0
[0155.998] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.998] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.998] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=40, color=0x19eed4) returned 0x0
[0155.998] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.998] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.998] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=41, color=0x19eed4) returned 0x0
[0155.999] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.999] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.999] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=42, color=0x19eed4) returned 0x0
[0155.999] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.999] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.999] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=43, color=0x19eed4) returned 0x0
[0155.999] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.999] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.999] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=44, color=0x19eed4) returned 0x0
[0155.999] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.999] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.999] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=45, color=0x19eed4) returned 0x0
[0155.999] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0155.999] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0155.999] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=46, color=0x19eed4) returned 0x0
[0156.000] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.000] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.000] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=47, color=0x19eed4) returned 0x0
[0156.000] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.000] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.000] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=48, color=0x19eed4) returned 0x0
[0156.000] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.000] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.000] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=49, color=0x19eed4) returned 0x0
[0156.000] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.000] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.000] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=50, color=0x19eed4) returned 0x0
[0156.000] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.000] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.001] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=51, color=0x19eed4) returned 0x0
[0156.001] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.001] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.001] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=52, color=0x19eed4) returned 0x0
[0156.001] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.002] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.002] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=53, color=0x19eed4) returned 0x0
[0156.002] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.002] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.002] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=54, color=0x19eed4) returned 0x0
[0156.002] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.002] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.002] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=55, color=0x19eed4) returned 0x0
[0156.002] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.002] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.002] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=56, color=0x19eed4) returned 0x0
[0156.002] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.002] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.002] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=57, color=0x19eed4) returned 0x0
[0156.002] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.003] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.003] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=58, color=0x19eed4) returned 0x0
[0156.003] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.003] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.003] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=59, color=0x19eed4) returned 0x0
[0156.003] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.003] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.003] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=60, color=0x19eed4) returned 0x0
[0156.003] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.003] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.003] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=61, color=0x19eed4) returned 0x0
[0156.003] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.003] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.003] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=62, color=0x19eed4) returned 0x0
[0156.004] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.004] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.004] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=63, color=0x19eed4) returned 0x0
[0156.004] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.004] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.004] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=64, color=0x19eed4) returned 0x0
[0156.004] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.004] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.004] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=65, color=0x19eed4) returned 0x0
[0156.004] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.004] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.004] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=66, color=0x19eed4) returned 0x0
[0156.004] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.004] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.004] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=67, color=0x19eed4) returned 0x0
[0156.005] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.005] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.005] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=68, color=0x19eed4) returned 0x0
[0156.005] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.005] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.005] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=69, color=0x19eed4) returned 0x0
[0156.005] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.005] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.005] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=70, color=0x19eed4) returned 0x0
[0156.005] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.005] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.005] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=71, color=0x19eed4) returned 0x0
[0156.005] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.005] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.005] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=72, color=0x19eed4) returned 0x0
[0156.006] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.006] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.006] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=73, color=0x19eed4) returned 0x0
[0156.006] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.006] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.006] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=74, color=0x19eed4) returned 0x0
[0156.006] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.006] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.006] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=75, color=0x19eed4) returned 0x0
[0156.006] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.006] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.006] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=76, color=0x19eed4) returned 0x0
[0156.006] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.006] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.006] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=77, color=0x19eed4) returned 0x0
[0156.007] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.007] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.007] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=78, color=0x19eed4) returned 0x0
[0156.007] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.007] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.007] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=79, color=0x19eed4) returned 0x0
[0156.007] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.007] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.007] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=80, color=0x19eed4) returned 0x0
[0156.007] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.007] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.007] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=81, color=0x19eed4) returned 0x0
[0156.007] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.007] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.007] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=82, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=83, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=84, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=85, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=86, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=87, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=88, color=0x19eed4) returned 0x0
[0156.008] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.008] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.008] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=89, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=90, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=91, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=92, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=93, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=94, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=95, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.009] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=96, color=0x19eed4) returned 0x0
[0156.009] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.009] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=97, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=98, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=99, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=100, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=101, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=102, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=103, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.010] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=104, color=0x19eed4) returned 0x0
[0156.010] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.010] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=105, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=106, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=107, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=108, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=109, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=110, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=111, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.011] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.011] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=112, color=0x19eed4) returned 0x0
[0156.011] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=113, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=114, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=115, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=116, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=117, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=118, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=119, color=0x19eed4) returned 0x0
[0156.012] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.012] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.012] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=120, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=121, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=122, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=123, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=124, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=125, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=126, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=127, color=0x19eed4) returned 0x0
[0156.013] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.013] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.013] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=128, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=129, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=130, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=131, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=132, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=133, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=134, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=135, color=0x19eed4) returned 0x0
[0156.014] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.014] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.014] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=136, color=0x19eed4) returned 0x0
[0156.015] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.015] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.015] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=137, color=0x19eed4) returned 0x0
[0156.015] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.015] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.015] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=138, color=0x19eed4) returned 0x0
[0156.015] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.015] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.015] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=139, color=0x19eed4) returned 0x0
[0156.015] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.015] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.015] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=140, color=0x19eed4) returned 0x0
[0156.015] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=141, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=142, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=143, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=144, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=145, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=146, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=147, color=0x19eed4) returned 0x0
[0156.016] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.016] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.016] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=148, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=149, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=150, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=151, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=152, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=153, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=154, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=155, color=0x19eed4) returned 0x0
[0156.017] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.017] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.017] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=156, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=157, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=158, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=159, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=160, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=161, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=162, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=163, color=0x19eed4) returned 0x0
[0156.018] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.018] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.018] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=164, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=165, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=166, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=167, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=168, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=169, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=170, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=171, color=0x19eed4) returned 0x0
[0156.019] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.019] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.019] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=172, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=173, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=174, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=175, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=176, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=177, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=178, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.020] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.020] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=179, color=0x19eed4) returned 0x0
[0156.020] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=180, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=181, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=182, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=183, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=184, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=185, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=186, color=0x19eed4) returned 0x0
[0156.021] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.021] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.021] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=187, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=188, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=189, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=190, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=191, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=192, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=193, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.022] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.022] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=194, color=0x19eed4) returned 0x0
[0156.022] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=195, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=196, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=197, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=198, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=199, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=200, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=201, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.023] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.023] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=202, color=0x19eed4) returned 0x0
[0156.023] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=203, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=204, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=205, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=206, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=207, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=208, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=209, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.024] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.024] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=210, color=0x19eed4) returned 0x0
[0156.024] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=211, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=212, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=213, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=214, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=215, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=216, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.025] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.025] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=217, color=0x19eed4) returned 0x0
[0156.025] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=218, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=219, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=220, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=221, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=222, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=223, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=224, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.026] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.026] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=225, color=0x19eed4) returned 0x0
[0156.026] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=226, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=227, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=228, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=229, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=230, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=231, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.027] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=232, color=0x19eed4) returned 0x0
[0156.027] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.027] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=233, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=234, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=235, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=236, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=237, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=238, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=239, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.028] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=240, color=0x19eed4) returned 0x0
[0156.028] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.028] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=241, color=0x19eed4) returned 0x0
[0156.029] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.029] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=242, color=0x19eed4) returned 0x0
[0156.029] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.029] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=243, color=0x19eed4) returned 0x0
[0156.029] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.029] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=244, color=0x19eed4) returned 0x0
[0156.029] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.029] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=245, color=0x19eed4) returned 0x0
[0156.029] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.029] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=246, color=0x19eed4) returned 0x0
[0156.029] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.029] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=247, color=0x19eed4) returned 0x0
[0156.029] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=0, y=248, color=0x19eed4) returned 0x0
[0156.115] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.116] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.117] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.118] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.119] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.120] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.121] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.122] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.123] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.124] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.124] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.124] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.124] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.124] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.124] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.125] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.125] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.125] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=177, color=0x19eed4) returned 0x0
[0156.125] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.125] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.125] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=178, color=0x19eed4) returned 0x0
[0156.125] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.125] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.125] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=179, color=0x19eed4) returned 0x0
[0156.125] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.125] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.126] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=180, color=0x19eed4) returned 0x0
[0156.126] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.126] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.126] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=181, color=0x19eed4) returned 0x0
[0156.126] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.126] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.126] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=182, color=0x19eed4) returned 0x0
[0156.126] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.126] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.126] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=183, color=0x19eed4) returned 0x0
[0156.126] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.126] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.126] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=184, color=0x19eed4) returned 0x0
[0156.126] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.126] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.126] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=185, color=0x19eed4) returned 0x0
[0156.126] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=186, color=0x19eed4) returned 0x0
[0156.127] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=187, color=0x19eed4) returned 0x0
[0156.127] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=188, color=0x19eed4) returned 0x0
[0156.127] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=189, color=0x19eed4) returned 0x0
[0156.127] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=190, color=0x19eed4) returned 0x0
[0156.127] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=191, color=0x19eed4) returned 0x0
[0156.127] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.127] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.127] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=192, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=193, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=194, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=195, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=196, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=197, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=198, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.128] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=199, color=0x19eed4) returned 0x0
[0156.128] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.128] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=200, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=201, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=202, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=203, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=204, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=205, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=206, color=0x19eed4) returned 0x0
[0156.129] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.129] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.129] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=207, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=208, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=209, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=210, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=211, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=212, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=213, color=0x19eed4) returned 0x0
[0156.130] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.130] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.130] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=214, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=215, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=216, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=217, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=218, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=219, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=220, color=0x19eed4) returned 0x0
[0156.131] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.131] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.131] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=221, color=0x19eed4) returned 0x0
[0156.132] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.132] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.132] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=222, color=0x19eed4) returned 0x0
[0156.132] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.132] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.132] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=223, color=0x19eed4) returned 0x0
[0156.132] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.132] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.132] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=224, color=0x19eed4) returned 0x0
[0156.132] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.132] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.132] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=225, color=0x19eed4) returned 0x0
[0156.132] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.132] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.132] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=226, color=0x19eed4) returned 0x0
[0156.132] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.133] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.133] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=227, color=0x19eed4) returned 0x0
[0156.133] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.133] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.133] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=228, color=0x19eed4) returned 0x0
[0156.133] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.133] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.133] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=229, color=0x19eed4) returned 0x0
[0156.133] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.133] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.133] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=230, color=0x19eed4) returned 0x0
[0156.133] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.133] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.133] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=231, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.134] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=232, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.134] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=233, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.134] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=234, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.134] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=235, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.134] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=236, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.134] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=237, color=0x19eed4) returned 0x0
[0156.134] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.134] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=238, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=239, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=240, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=241, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=242, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=243, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=244, color=0x19eed4) returned 0x0
[0156.135] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.135] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.135] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=245, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=246, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=247, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=248, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=249, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=250, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=251, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=252, color=0x19eed4) returned 0x0
[0156.136] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.136] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.136] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=253, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=254, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=255, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=256, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=257, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=258, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=259, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.137] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.137] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=260, color=0x19eed4) returned 0x0
[0156.137] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=261, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=262, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=263, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=264, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=265, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=266, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=267, color=0x19eed4) returned 0x0
[0156.138] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.138] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.138] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=268, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=269, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=270, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=271, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=272, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=273, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=274, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.139] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.139] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=275, color=0x19eed4) returned 0x0
[0156.139] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=276, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=277, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=278, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=279, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=280, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=281, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.140] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.140] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=282, color=0x19eed4) returned 0x0
[0156.140] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=283, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=284, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=285, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=286, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=287, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=288, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=289, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.141] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.141] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=290, color=0x19eed4) returned 0x0
[0156.141] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=291, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=292, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=293, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=294, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=295, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=296, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=297, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.142] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.142] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=298, color=0x19eed4) returned 0x0
[0156.142] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=299, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=300, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=301, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=302, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=303, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=304, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=305, color=0x19eed4) returned 0x0
[0156.143] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.143] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.143] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=306, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=307, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=308, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=309, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=310, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=311, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=312, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=313, color=0x19eed4) returned 0x0
[0156.144] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.144] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.144] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=314, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=315, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=316, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=317, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=318, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=319, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=320, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=321, color=0x19eed4) returned 0x0
[0156.145] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.145] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.145] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=322, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=323, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=324, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=325, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=326, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=327, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=328, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=329, color=0x19eed4) returned 0x0
[0156.146] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.146] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.146] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=330, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=331, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=332, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=333, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=334, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=335, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=336, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.147] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.147] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=337, color=0x19eed4) returned 0x0
[0156.147] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=338, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=339, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=340, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=341, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=342, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=343, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=344, color=0x19eed4) returned 0x0
[0156.148] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.148] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.148] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=345, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=346, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=347, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=348, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=349, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=350, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=351, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipGetImageHeight (image=0x5c1f3b8, height=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=352, color=0x19eed4) returned 0x0
[0156.149] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.149] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=353, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=354, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=355, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=356, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=357, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=358, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=359, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=360, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=361, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=362, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=363, color=0x19eed4) returned 0x0
[0156.150] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.150] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=364, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=280, y=365, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=0, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=1, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=2, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=3, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=4, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=5, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=6, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=7, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=8, color=0x19eed4) returned 0x0
[0156.151] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.151] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=9, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=10, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=11, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=12, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=13, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=14, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=15, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=16, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=17, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=18, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=19, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.152] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=20, color=0x19eed4) returned 0x0
[0156.152] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=21, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=22, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=23, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=24, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=25, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=26, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=27, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=28, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=29, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=30, color=0x19eed4) returned 0x0
[0156.153] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.153] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=31, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=32, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=33, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=34, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=35, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=36, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=37, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=38, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=39, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=40, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.154] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=41, color=0x19eed4) returned 0x0
[0156.154] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=42, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=43, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=44, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=45, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=46, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=47, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=48, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=49, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=50, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=51, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=52, color=0x19eed4) returned 0x0
[0156.155] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.155] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=53, color=0x19eed4) returned 0x0
[0156.156] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.156] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=54, color=0x19eed4) returned 0x0
[0156.156] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.156] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=55, color=0x19eed4) returned 0x0
[0156.157] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.157] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=56, color=0x19eed4) returned 0x0
[0156.157] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.157] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=57, color=0x19eed4) returned 0x0
[0156.157] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.157] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=58, color=0x19eed4) returned 0x0
[0156.157] GdipGetImageWidth (image=0x5c1f3b8, width=0x19eec4) returned 0x0
[0156.157] GdipBitmapGetPixel (bitmap=0x5c1f3b8, x=281, y=59, color=0x19eed4) returned 0x0
[0156.201] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x82600, lpName=0x0) returned 0x2fc
[0156.201] memcpy (in: _Dst=0x930000, _Src=0x3d91110, _Size=0x82600 | out: _Dst=0x930000) returned 0x930000
[0156.206] CloseHandle (hObject=0x2fc) returned 1
[0157.605] CoTaskMemAlloc (cb=0xd) returned 0x8ab6d8
[0157.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f2150, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.605] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.606] CoTaskMemFree (pv=0x8ab6d8)
[0157.616] CoTaskMemAlloc (cb=0x11) returned 0x8a19d0
[0157.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x23f248c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0157.616] GetProcAddress (hModule=0x76720000, lpProcName="ResumeThread") returned 0x7673a800
[0157.616] CoTaskMemFree (pv=0x8a19d0)
[0157.627] CoTaskMemAlloc (cb=0xd) returned 0x8ab6d8
[0157.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f2c64, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.627] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.627] CoTaskMemFree (pv=0x8ab6d8)
[0157.627] CoTaskMemAlloc (cb=0x1a) returned 0x8a87d8
[0157.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x23f2c9c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0157.628] GetProcAddress (hModule=0x76720000, lpProcName="Wow64SetThreadContext") returned 0x76763e60
[0157.628] CoTaskMemFree (pv=0x8a87d8)
[0157.633] CoTaskMemAlloc (cb=0xd) returned 0x8ab4f8
[0157.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f2d68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.633] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.633] CoTaskMemFree (pv=0x8ab4f8)
[0157.633] CoTaskMemAlloc (cb=0x15) returned 0x8a1a10
[0157.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x23f2da0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0157.633] GetProcAddress (hModule=0x76720000, lpProcName="SetThreadContext") returned 0x76762490
[0157.633] CoTaskMemFree (pv=0x8a1a10)
[0157.635] CoTaskMemAlloc (cb=0xd) returned 0x8ab7b0
[0157.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f2e68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.635] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.636] CoTaskMemFree (pv=0x8ab7b0)
[0157.636] CoTaskMemAlloc (cb=0x1a) returned 0x8a8788
[0157.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x23f2ea0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0157.636] GetProcAddress (hModule=0x76720000, lpProcName="Wow64GetThreadContext") returned 0x76763e30
[0157.636] CoTaskMemFree (pv=0x8a8788)
[0157.638] CoTaskMemAlloc (cb=0xd) returned 0x8ab6d8
[0157.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f2f6c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.638] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.638] CoTaskMemFree (pv=0x8ab6d8)
[0157.638] CoTaskMemAlloc (cb=0x15) returned 0x8a1b10
[0157.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x23f2fa4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0157.639] GetProcAddress (hModule=0x76720000, lpProcName="GetThreadContext") returned 0x7673ec60
[0157.639] CoTaskMemFree (pv=0x8a1b10)
[0157.641] CoTaskMemAlloc (cb=0xd) returned 0x8ab6d8
[0157.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f3060, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.641] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.642] CoTaskMemFree (pv=0x8ab6d8)
[0157.642] CoTaskMemAlloc (cb=0x13) returned 0x8a1970
[0157.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x23f3098, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0157.642] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocEx") returned 0x76762730
[0157.642] CoTaskMemFree (pv=0x8a1970)
[0157.648] CoTaskMemAlloc (cb=0xd) returned 0x8ab4e0
[0157.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f3154, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.648] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.649] CoTaskMemFree (pv=0x8ab4e0)
[0157.649] CoTaskMemAlloc (cb=0x17) returned 0x8a18f0
[0157.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x23f318c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0157.649] GetProcAddress (hModule=0x76720000, lpProcName="WriteProcessMemory") returned 0x76762850
[0157.649] CoTaskMemFree (pv=0x8a18f0)
[0157.653] CoTaskMemAlloc (cb=0xd) returned 0x8ab720
[0157.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f3250, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.653] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.654] CoTaskMemFree (pv=0x8ab720)
[0157.654] CoTaskMemAlloc (cb=0x16) returned 0x8a1970
[0157.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x23f3288, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0157.654] GetProcAddress (hModule=0x76720000, lpProcName="ReadProcessMemory") returned 0x76761c80
[0157.654] CoTaskMemFree (pv=0x8a1970)
[0157.659] CoTaskMemAlloc (cb=0xa) returned 0x8ab6d8
[0157.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x23f3348, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0157.659] LoadLibraryA (lpLibFileName="ntdll") returned 0x771d0000
[0157.660] CoTaskMemFree (pv=0x8ab6d8)
[0157.660] CoTaskMemAlloc (cb=0x19) returned 0x8a8788
[0157.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x23f3374, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0157.660] GetProcAddress (hModule=0x771d0000, lpProcName="ZwUnmapViewOfSection") returned 0x77246f40
[0157.660] CoTaskMemFree (pv=0x8a8788)
[0157.663] CoTaskMemAlloc (cb=0xd) returned 0x8ab540
[0157.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23f343c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0157.663] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000
[0157.663] CoTaskMemFree (pv=0x8ab540)
[0157.663] CoTaskMemAlloc (cb=0x13) returned 0x8a1a30
[0157.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x23f3474, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0157.663] GetProcAddress (hModule=0x76720000, lpProcName="CreateProcessA") returned 0x76760750
[0157.663] CoTaskMemFree (pv=0x8a1a30)
[0157.712] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", nBufferLength=0x105, lpBuffer=0x19e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpFilePart=0x0) returned 0x62
[0158.091] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="NUyraftjPtegGrrVzDt") returned 0x0
[0158.192] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="NUyraftjPtegGrrVzDt") returned 0x2f8
[0165.174] CoTaskMemAlloc (cb=0x20c) returned 0x8b74a0
[0165.174] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x8b74a0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0165.186] CoTaskMemFree (pv=0x8b74a0)
[0165.186] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e434, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0165.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", nBufferLength=0x105, lpBuffer=0x19e4c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", lpFilePart=0x0) returned 0x35
[0165.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e96c) returned 1
[0165.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\obhzolodrqr.exe"), fInfoLevelId=0x0, lpFileInformation=0x19e9e8 | out: lpFileInformation=0x19e9e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0165.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e968) returned 1
[0165.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", nBufferLength=0x105, lpBuffer=0x19e448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", lpFilePart=0x0) returned 0x35
[0165.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", nBufferLength=0x105, lpBuffer=0x19e448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", lpFilePart=0x0) returned 0x35
[0165.287] SetNamedSecurityInfoW () returned 0x2
[0165.763] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", nBufferLength=0x105, lpBuffer=0x19e47c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpFilePart=0x0) returned 0x62
[0165.763] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", nBufferLength=0x105, lpBuffer=0x19e47c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", lpFilePart=0x0) returned 0x35
[0165.764] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\obhzolodrqr.exe"), bFailIfExists=1) returned 1
[0167.120] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", nBufferLength=0x105, lpBuffer=0x19e434, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", lpFilePart=0x0) returned 0x35
[0167.126] GetUserNameW (in: lpBuffer=0x19e714, pcbBuffer=0x19e98c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19e98c) returned 1
[0167.160] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", dwFileAttributes=0x2007) returned 1
[0167.175] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.177] CoTaskMemAlloc (cb=0x8) returned 0x8ebad8
[0167.177] CoTaskMemAlloc (cb=0x1a) returned 0x8ed210
[0167.178] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.182] CoTaskMemFree (pv=0x8ed210)
[0167.182] CoTaskMemFree (pv=0x8ebad8)
[0167.191] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.191] LsaFreeMemory (Buffer=0x8c5b10) returned 0x0
[0167.191] LsaFreeMemory (Buffer=0x8ea438) returned 0x0
[0167.192] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.192] CoTaskMemAlloc (cb=0x8) returned 0x8eb948
[0167.192] CoTaskMemAlloc (cb=0x1a) returned 0x8ed260
[0167.192] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.193] CoTaskMemFree (pv=0x8ed260)
[0167.193] CoTaskMemFree (pv=0x8eb948)
[0167.193] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.194] LsaFreeMemory (Buffer=0x8c55c8) returned 0x0
[0167.194] LsaFreeMemory (Buffer=0x8ea178) returned 0x0
[0167.200] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.200] CoTaskMemAlloc (cb=0x8) returned 0x8ebad8
[0167.200] CoTaskMemAlloc (cb=0x1a) returned 0x8ed210
[0167.201] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.202] CoTaskMemFree (pv=0x8ed210)
[0167.202] CoTaskMemFree (pv=0x8ebad8)
[0167.202] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.202] LsaFreeMemory (Buffer=0x8c5be0) returned 0x0
[0167.202] LsaFreeMemory (Buffer=0x8ea388) returned 0x0
[0167.202] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.205] CoTaskMemAlloc (cb=0x8) returned 0x8eb948
[0167.205] CoTaskMemAlloc (cb=0x1a) returned 0x8ed260
[0167.205] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.207] CoTaskMemFree (pv=0x8ed260)
[0167.207] CoTaskMemFree (pv=0x8eb948)
[0167.207] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.209] LsaFreeMemory (Buffer=0x8c5d18) returned 0x0
[0167.209] LsaFreeMemory (Buffer=0x8ea1d0) returned 0x0
[0167.209] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.210] CoTaskMemAlloc (cb=0x8) returned 0x8ebad8
[0167.210] CoTaskMemAlloc (cb=0x1a) returned 0x8ed210
[0167.210] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.212] CoTaskMemFree (pv=0x8ed210)
[0167.212] CoTaskMemFree (pv=0x8ebad8)
[0167.212] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.213] LsaFreeMemory (Buffer=0x8c5560) returned 0x0
[0167.213] LsaFreeMemory (Buffer=0x8ea1d0) returned 0x0
[0167.213] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.213] CoTaskMemAlloc (cb=0x8) returned 0x8eb998
[0167.213] CoTaskMemAlloc (cb=0x1a) returned 0x8ed210
[0167.213] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.220] CoTaskMemFree (pv=0x8ed210)
[0167.220] CoTaskMemFree (pv=0x8eb998)
[0167.220] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.221] LsaFreeMemory (Buffer=0x8c5838) returned 0x0
[0167.221] LsaFreeMemory (Buffer=0x8ea438) returned 0x0
[0167.221] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.221] CoTaskMemAlloc (cb=0x8) returned 0x8eb998
[0167.222] CoTaskMemAlloc (cb=0x1a) returned 0x8ed210
[0167.222] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.234] CoTaskMemFree (pv=0x8ed210)
[0167.234] CoTaskMemFree (pv=0x8eb998)
[0167.235] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.237] LsaFreeMemory (Buffer=0x8c52f0) returned 0x0
[0167.237] LsaFreeMemory (Buffer=0x8ea0c8) returned 0x0
[0167.237] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.237] CoTaskMemAlloc (cb=0x8) returned 0x8eb968
[0167.238] CoTaskMemAlloc (cb=0x1a) returned 0x8ed260
[0167.238] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.265] CoTaskMemFree (pv=0x8ed260)
[0167.266] CoTaskMemFree (pv=0x8eb968)
[0167.267] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.267] LsaFreeMemory (Buffer=0x8c5c48) returned 0x0
[0167.267] LsaFreeMemory (Buffer=0x8ea438) returned 0x0
[0167.267] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e79c, DesiredAccess=0x800, PolicyHandle=0x19e75c | out: PolicyHandle=0x19e75c) returned 0x0
[0167.268] CoTaskMemAlloc (cb=0x8) returned 0x8ebad8
[0167.268] CoTaskMemAlloc (cb=0x1a) returned 0x8ed238
[0167.268] LsaLookupNames2 (in: PolicyHandle=0x8a1a50, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e770, Sids=0x19e764 | out: ReferencedDomains=0x19e770, Sids=0x19e764) returned 0x0
[0167.269] CoTaskMemFree (pv=0x8ed238)
[0167.269] CoTaskMemFree (pv=0x8ebad8)
[0167.269] LsaClose (ObjectHandle=0x8a1a50) returned 0x0
[0167.270] LsaFreeMemory (Buffer=0x8c5220) returned 0x0
[0167.270] LsaFreeMemory (Buffer=0x8ea490) returned 0x0
[0167.270] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", nBufferLength=0x105, lpBuffer=0x19e434, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe", lpFilePart=0x0) returned 0x35
[0167.270] SetNamedSecurityInfoW () returned 0x0
[0167.374] GetCurrentProcess () returned 0xffffffff
[0167.375] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e864 | out: TokenHandle=0x19e864*=0x3e4) returned 1
[0167.380] GetTokenInformation (in: TokenHandle=0x3e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e85c | out: TokenInformation=0x0, ReturnLength=0x19e85c) returned 0
[0167.380] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x8eba08
[0167.380] GetTokenInformation (in: TokenHandle=0x3e4, TokenInformationClass=0x8, TokenInformation=0x8eba08, TokenInformationLength=0x4, ReturnLength=0x19e85c | out: TokenInformation=0x8eba08, ReturnLength=0x19e85c) returned 1
[0167.380] LocalFree (hMem=0x8eba08) returned 0x0
[0167.381] DuplicateTokenEx (in: hExistingToken=0x3e4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x19e864 | out: phNewToken=0x19e864*=0x3e8) returned 1
[0167.381] CheckTokenMembership (in: TokenHandle=0x3e8, SidToCheck=0x24a9f04*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19e874 | out: IsMember=0x19e874) returned 1
[0167.381] CloseHandle (hObject=0x3e8) returned 1
[0167.687] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x8a1a50
[0167.687] LocalAlloc (uFlags=0x0, uBytes=0xb0) returned 0x89ce10
[0167.690] ShellExecuteExW (in: pExecInfo=0x24b33e4*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x24b33e4*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x528)) returned 1
[0171.354] LocalFree (hMem=0x8a1a50) returned 0x0
[0171.355] LocalFree (hMem=0x89ce10) returned 0x0
[0171.356] GetCurrentProcess () returned 0xffffffff
[0171.356] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e8fc | out: TokenHandle=0x19e8fc*=0x3f0) returned 1
[0171.360] GetCurrentProcess () returned 0xffffffff
[0171.360] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e8cc | out: TokenHandle=0x19e8cc*=0x4ac) returned 1
[0171.360] GetTokenInformation (in: TokenHandle=0x3f0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e900 | out: TokenInformation=0x0, ReturnLength=0x19e900) returned 0
[0171.361] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0xa262460
[0171.361] GetTokenInformation (in: TokenHandle=0x3f0, TokenInformationClass=0x1, TokenInformation=0xa262460, TokenInformationLength=0x24, ReturnLength=0x19e900 | out: TokenInformation=0xa262460, ReturnLength=0x19e900) returned 1
[0171.361] LocalFree (hMem=0xa262460) returned 0x0
[0171.362] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e81c, DesiredAccess=0x800, PolicyHandle=0x19e7dc | out: PolicyHandle=0x19e7dc) returned 0x0
[0171.363] LsaLookupSids (in: PolicyHandle=0xa258c98, Count=0x1, Sids=0x24fe420*=0x24fe3c4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x19e7f8, Names=0x19e7ec | out: ReferencedDomains=0x19e7f8, Names=0x19e7ec) returned 0x0
[0171.364] LsaClose (ObjectHandle=0xa258c98) returned 0x0
[0171.364] LsaFreeMemory (Buffer=0x8c5428) returned 0x0
[0171.364] LsaFreeMemory (Buffer=0xa25eaf0) returned 0x0
[0171.365] CoTaskMemAlloc (cb=0x20c) returned 0xa24ae90
[0171.365] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xa24ae90 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0171.365] CoTaskMemFree (pv=0xa24ae90)
[0171.365] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19e3f8, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0171.366] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0171.366] CoTaskMemAlloc (cb=0x20c) returned 0xa24ae90
[0171.366] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0xa24ae90 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa6ac.tmp")) returned 0xa6ac
[0171.431] CoTaskMemFree (pv=0xa24ae90)
[0171.444] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", nBufferLength=0x105, lpBuffer=0x19e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", lpFilePart=0x0) returned 0x34
[0171.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e7f4) returned 1
[0171.445] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa6ac.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3ec
[0171.446] GetFileType (hFile=0x3ec) returned 0x1
[0171.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e7f0) returned 1
[0171.446] GetFileType (hFile=0x3ec) returned 0x1
[0171.447] WriteFile (in: hFile=0x3ec, lpBuffer=0x25029c8*, nNumberOfBytesToWrite=0x63f, lpNumberOfBytesWritten=0x19e880, lpOverlapped=0x0 | out: lpBuffer=0x25029c8*, lpNumberOfBytesWritten=0x19e880*=0x63f, lpOverlapped=0x0) returned 1
[0171.449] CloseHandle (hObject=0x3ec) returned 1
[0171.492] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0xa257888
[0171.492] LocalAlloc (uFlags=0x0, uBytes=0xbc) returned 0x8cb0c0
[0171.492] ShellExecuteExW (in: pExecInfo=0x2504270*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ObhZOLODRqR\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2504270*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\ObhZOLODRqR\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x514)) returned 1
[0175.992] LocalFree (hMem=0xa257888) returned 0x0
[0175.992] LocalFree (hMem=0x8cb0c0) returned 0x0
[0175.994] GetCurrentProcess () returned 0xffffffff
[0175.995] GetCurrentProcess () returned 0xffffffff
[0175.995] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x514, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19e8e4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19e8e4*=0x3e8) returned 1
[0176.039] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19e8dc*=0x3e8, lpdwindex=0x19e6fc | out: lpdwindex=0x19e6fc) returned 0x0
[0189.740] CloseHandle (hObject=0x3e8) returned 1
[0189.741] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", nBufferLength=0x105, lpBuffer=0x19e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", lpFilePart=0x0) returned 0x34
[0189.741] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa6ac.tmp")) returned 1
[0190.264] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x38200, lpName=0x0) returned 0x3e8
[0190.265] memcpy (in: _Dst=0x79f0000, _Src=0x3f12dc0, _Size=0x38200 | out: _Dst=0x79f0000) returned 0x79f0000
[0190.267] CloseHandle (hObject=0x3e8) returned 1
[0190.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", nBufferLength=0x105, lpBuffer=0x19e344, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpFilePart=0x0) returned 0x62
[0190.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19dddc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0190.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", cchWideChar=98, lpMultiByteStr=0x19e5f4, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe¬\x04;z1z(ú\x0bo\\î\x19", lpUsedDefaultChar=0x0) returned 98
[0190.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19e5f0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x94\x1e¬\x04C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpUsedDefaultChar=0x0) returned 0
[0190.545] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e6b4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19e9b8 | out: lpCommandLine="", lpProcessInformation=0x19e9b8*(hProcess=0x4ac, hThread=0x3e8, dwProcessId=0x1324, dwThreadId=0x1318)) returned 1
[0190.942] CoTaskMemFree (pv=0x0)
[0190.951] GetThreadContext (in: hThread=0x3e8, lpContext=0x25093ec | out: lpContext=0x25093ec*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x26e000, Edx=0x0, Ecx=0x0, Eax=0x4c4df2, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, 
[62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, 
[247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, 
[428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0190.952] ReadProcessMemory (in: hProcess=0x4ac, lpBaseAddress=0x26e008, lpBuffer=0x19e9a8, nSize=0x4, lpNumberOfBytesRead=0x19e9ec | out: lpBuffer=0x19e9a8*, lpNumberOfBytesRead=0x19e9ec*=0x4) returned 1
[0190.954] NtUnmapViewOfSection (ProcessHandle=0x4ac, BaseAddress=0x400000) returned 0x0
[0190.961] VirtualAllocEx (hProcess=0x4ac, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0190.964] WriteProcessMemory (in: hProcess=0x4ac, lpBaseAddress=0x400000, lpBuffer=0x3f7f600*, nSize=0x200, lpNumberOfBytesWritten=0x19e9ec | out: lpBuffer=0x3f7f600*, lpNumberOfBytesWritten=0x19e9ec*=0x200) returned 1
[0190.982] WriteProcessMemory (in: hProcess=0x4ac, lpBaseAddress=0x402000, lpBuffer=0x3fb3c20*, nSize=0x33e00, lpNumberOfBytesWritten=0x19e9ec | out: lpBuffer=0x3fb3c20*, lpNumberOfBytesWritten=0x19e9ec*=0x33e00) returned 1
[0191.309] WriteProcessMemory (in: hProcess=0x4ac, lpBaseAddress=0x436000, lpBuffer=0x2530154*, nSize=0x400, lpNumberOfBytesWritten=0x19e9ec | out: lpBuffer=0x2530154*, lpNumberOfBytesWritten=0x19e9ec*=0x400) returned 1
[0191.527] WriteProcessMemory (in: hProcess=0x4ac, lpBaseAddress=0x438000, lpBuffer=0x2530560*, nSize=0x200, lpNumberOfBytesWritten=0x19e9ec | out: lpBuffer=0x2530560*, lpNumberOfBytesWritten=0x19e9ec*=0x200) returned 1
[0191.709] WriteProcessMemory (in: hProcess=0x4ac, lpBaseAddress=0x26e008, lpBuffer=0x2530a6c*, nSize=0x4, lpNumberOfBytesWritten=0x19e9ec | out: lpBuffer=0x2530a6c*, lpNumberOfBytesWritten=0x19e9ec*=0x4) returned 1
[0191.760] SetThreadContext (hThread=0x3e8, lpContext=0x25093ec*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x26e000, Edx=0x0, Ecx=0x0, Eax=0x435c2e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, 
[65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, 
[250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, 
[431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0191.762] ResumeThread (hThread=0x3e8) returned 0x1
[0191.912] CoGetContextToken (in: pToken=0x19ee00 | out: pToken=0x19ee00) returned 0x0
[0191.912] CObjectContext::QueryInterface () returned 0x0
[0191.912] CObjectContext::GetCurrentThreadType () returned 0x0
[0191.912] Release () returned 0x3
[0191.913] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x848428*=0x14c, lpdwindex=0x19eca4 | out: lpdwindex=0x19eca4) returned 0x0
Thread:
id = 2
os_tid = 0x10e4
Thread:
id = 3
os_tid = 0xb8
Thread:
id = 4
os_tid = 0x5f8
[0093.799] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0093.799] RoInitialize () returned 0x1
[0093.799] RoUninitialize () returned 0x0
[0179.555] CloseHandle (hObject=0x3e4) returned 1
[0179.557] CloseHandle (hObject=0x528) returned 1
[0179.559] CloseHandle (hObject=0x4ac) returned 1
[0192.004] SetWindowLongW (hWnd=0x70132, nIndex=-4, dwNewLong=1944586208) returned 78644710
[0192.006] SetClassLongW (hWnd=0x70132, nIndex=-24, dwNewLong=1944586208) returned 0x4b005be
[0192.006] PostMessageW (hWnd=0x70132, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0192.007] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0192.007] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x400000) returned 0
[0192.010] IsWindow (hWnd=0xa035a) returned 1
[0192.011] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000
[0192.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x440fa14, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWSm;z1z(ú\x0bo\x98ü@\x04\x01", lpUsedDefaultChar=0x0) returned 14
[0192.012] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x73e807e0
[0192.012] SetWindowLongW (hWnd=0xa035a, nIndex=-4, dwNewLong=1944586208) returned 78644790
[0192.015] SetClassLongW (hWnd=0xa035a, nIndex=-24, dwNewLong=1944586208) returned 0x4b00636
[0192.016] IsWindow (hWnd=0xa035a) returned 1
[0192.016] DestroyWindow (hWnd=0xa035a) returned 0
[0192.016] PostMessageW (hWnd=0xa035a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0192.016] SetConsoleCtrlHandler (HandlerRoutine=0x4b0060e, Add=0) returned 1
[0192.017] EtwEventUnregister (RegHandle=0x8a7b90) returned 0x0
[0192.041] DeleteObject (ho=0x540a08fe) returned 1
[0192.066] CloseHandle (hObject=0x298) returned 1
[0192.073] DeleteObject (ho=0x1b0a0606) returned 1
[0192.074] GdipDeleteFont (font=0x4a7efc0) returned 0x0
[0192.074] GdipDeleteFont (font=0x5c1b080) returned 0x0
[0192.075] GetCurrentObject (hdc=0x31010607, type=0x6) returned 0x130a0605
[0192.075] SelectObject (hdc=0x31010607, h=0x18a0048) returned 0x130a0605
[0192.076] DeleteObject (ho=0x130a0605) returned 1
[0192.076] DeleteDC (hdc=0x31010607) returned 1
[0192.078] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0
[0192.080] GdipDeleteFont (font=0x4a71f08) returned 0x0
[0192.081] GdipDisposeImage (image=0x5c1f3b8) returned 0x0
[0192.093] CloseHandle (hObject=0x3f0) returned 1
[0192.093] CloseHandle (hObject=0x514) returned 1
[0192.095] CloseHandle (hObject=0x2f8) returned 1
[0192.095] RegCloseKey (hKey=0x80000004) returned 0x0
Thread:
id = 5
os_tid = 0xca0
Thread:
id = 6
os_tid = 0x1160
[0128.833] CoGetContextToken (in: pToken=0x7a2fd0c | out: pToken=0x7a2fd0c) returned 0x0
[0128.833] CObjectContext::QueryInterface () returned 0x0
[0128.834] CObjectContext::GetCurrentThreadType () returned 0x0
[0128.834] Release () returned 0x0
Thread:
id = 7
os_tid = 0x1178
Thread:
id = 8
os_tid = 0x10c0
Thread:
id = 9
os_tid = 0x123c
[0158.253] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0158.253] RoInitialize () returned 0x1
[0158.253] RoUninitialize () returned 0x0
[0158.303] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xa55f13c | out: lpLuid=0xa55f13c*(LowPart=0x14, HighPart=0)) returned 1
[0158.307] GetCurrentProcess () returned 0xffffffff
[0158.308] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xa55f138 | out: TokenHandle=0xa55f138*=0x330) returned 1
[0158.310] AdjustTokenPrivileges (in: TokenHandle=0x330, DisableAllPrivileges=0, NewState=0x2404d48*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0158.311] CloseHandle (hObject=0x330) returned 1
[0158.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x14cc0) returned 0x0
[0162.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x14d00) returned 0x0
[0164.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x14c40) returned 0x0
[0167.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x14c40) returned 0x0
[0169.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x14cc0) returned 0x0
[0171.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x14f00) returned 0x0
[0173.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x15278) returned 0x0
[0176.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x15278) returned 0x0
[0179.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x15430) returned 0x0
[0182.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x153b0) returned 0x0
[0184.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x15370) returned 0x0
[0187.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x15470) returned 0x0
[0189.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x154b0) returned 0x0
[0191.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xa55f820 | out: SystemInformation=0x3e13730, ResultLength=0xa55f820*=0x152a8) returned 0x0
Thread:
id = 10
os_tid = 0x1228
Thread:
id = 11
os_tid = 0x1240
Thread:
id = 12
os_tid = 0x1238
Thread:
id = 13
os_tid = 0x1230
Thread:
id = 110
os_tid = 0x1320
[0191.903] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0191.903] RoInitialize () returned 0x1
[0191.903] RoUninitialize () returned 0x0
[0191.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e13730, Length=0x20000, ResultLength=0xad2f7a0 | out: SystemInformation=0x3e13730, ResultLength=0xad2f7a0*=0x152a8) returned 0x0
Thread:
id = 111
os_tid = 0x131c
Process:
id = "2"
image_name = "powershell.exe"
filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x1187b000"
os_pid = "0x1290"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x1078"
cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 554
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 555
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 556
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 557
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 558
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 559
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 560
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 561
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 562
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 563
start_va = 0xe90000
end_va = 0xf00fff
monitored = 0
entry_point = 0xe99c00
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 564
start_va = 0xf10000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f10000"
filename = ""
Region:
id = 565
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 566
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 567
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 568
start_va = 0x7fff0000
end_va = 0x7dfa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 569
start_va = 0x7dfa16770000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfa16770000"
filename = ""
Region:
id = 570
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 571
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
Region:
id = 572
start_va = 0x400000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 573
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 574
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 575
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 576
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 577
start_va = 0x5a0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 578
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 579
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 580
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 581
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 780
start_va = 0x110000
end_va = 0x1cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 781
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 782
start_va = 0x76600000
end_va = 0x7667afff
monitored = 0
entry_point = 0x7661e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 783
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 784
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 785
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 786
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 787
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 788
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 789
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 790
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 791
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 794
start_va = 0x74dc0000
end_va = 0x74eaafff
monitored = 0
entry_point = 0x74dfd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 795
start_va = 0x70420000
end_va = 0x70437fff
monitored = 0
entry_point = 0x70424820
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll")
Region:
id = 796
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 797
start_va = 0x74ab0000
end_va = 0x74bfefff
monitored = 0
entry_point = 0x74b66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 798
start_va = 0x743d0000
end_va = 0x74516fff
monitored = 0
entry_point = 0x743e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 799
start_va = 0x76680000
end_va = 0x76711fff
monitored = 0
entry_point = 0x766b8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 800
start_va = 0x70450000
end_va = 0x704a8fff
monitored = 1
entry_point = 0x70460780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 802
start_va = 0x5a0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 803
start_va = 0x6d0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 804
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 805
start_va = 0x7d0000
end_va = 0x957fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 806
start_va = 0x741b0000
end_va = 0x741dafff
monitored = 0
entry_point = 0x741b5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 809
start_va = 0x30000
end_va = 0x32fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 810
start_va = 0x960000
end_va = 0xae0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000960000"
filename = ""
Region:
id = 811
start_va = 0x4f10000
end_va = 0x630ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004f10000"
filename = ""
Region:
id = 812
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 813
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 814
start_va = 0xaf0000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000af0000"
filename = ""
Region:
id = 815
start_va = 0x6f7a0000
end_va = 0x6f81cfff
monitored = 1
entry_point = 0x6f7b0db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 816
start_va = 0x76d00000
end_va = 0x76d44fff
monitored = 0
entry_point = 0x76d1de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 817
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 818
start_va = 0x70440000
end_va = 0x70447fff
monitored = 0
entry_point = 0x704417b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 819
start_va = 0x6f0b0000
end_va = 0x6f790fff
monitored = 1
entry_point = 0x6f0dcd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 820
start_va = 0x6efb0000
end_va = 0x6f0a4fff
monitored = 0
entry_point = 0x6f004160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 821
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 822
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 823
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 824
start_va = 0x4a0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 825
start_va = 0x4b0000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 826
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 827
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 828
start_va = 0x4e0000
end_va = 0x4e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 829
start_va = 0x4f0000
end_va = 0x4f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 830
start_va = 0xc40000
end_va = 0xe1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 831
start_va = 0xc40000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 832
start_va = 0xe10000
end_va = 0xe1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e10000"
filename = ""
Region:
id = 833
start_va = 0x500000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 834
start_va = 0x540000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 835
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 836
start_va = 0x6310000
end_va = 0x830ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006310000"
filename = ""
Region:
id = 837
start_va = 0x5a0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 838
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 839
start_va = 0x5c0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 840
start_va = 0x600000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1211
start_va = 0x8310000
end_va = 0x8646fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1212
start_va = 0x6dcf0000
end_va = 0x6efa1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 1213
start_va = 0x8650000
end_va = 0x881ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008650000"
filename = ""
Region:
id = 1214
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 1302
start_va = 0x6d320000
end_va = 0x6dcebfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 1325
start_va = 0x6cbf0000
end_va = 0x6d310fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")
Region:
id = 1326
start_va = 0x6cb60000
end_va = 0x6cbe2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\c3373939e7c94b541b901780981fd0cc\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\c3373939e7c94b541b901780981fd0cc\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1327
start_va = 0x71200000
end_va = 0x71212fff
monitored = 0
entry_point = 0x71209950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1328
start_va = 0x70010000
end_va = 0x7003efff
monitored = 0
entry_point = 0x700295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1329
start_va = 0x71540000
end_va = 0x7155afff
monitored = 0
entry_point = 0x71549050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1348
start_va = 0x6a320000
end_va = 0x6bbd5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\ac360ee7d819131e00d9de15ca78e746\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\ac360ee7d819131e00d9de15ca78e746\\system.management.automation.ni.dll")
Region:
id = 1395
start_va = 0x640000
end_va = 0x6a1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 1423
start_va = 0x6c0000
end_va = 0x6c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll")
Region:
id = 1424
start_va = 0xaf0000
end_va = 0xafffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui")
Region:
id = 1425
start_va = 0xc30000
end_va = 0xc3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 1427
start_va = 0x764d0000
end_va = 0x764d5fff
monitored = 0
entry_point = 0x764d1460
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1431
start_va = 0xb00000
end_va = 0xbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1544
start_va = 0x69930000
end_va = 0x69974fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.numerics.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Numerics\\d3d95e1e349be37505587e7fee918881\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.numerics\\d3d95e1e349be37505587e7fee918881\\system.numerics.ni.dll")
Region:
id = 1546
start_va = 0xc00000
end_va = 0xc0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 1554
start_va = 0x69780000
end_va = 0x697f9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.management.infrastructure.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Mf49f6405#\\5edeb849552a1a53cfc131825d3f494c\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.mf49f6405#\\5edeb849552a1a53cfc131825d3f494c\\microsoft.management.infrastructure.ni.dll")
Region:
id = 1555
start_va = 0x69c00000
end_va = 0x6a31dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")
Region:
id = 1556
start_va = 0xc10000
end_va = 0xc1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c10000"
filename = ""
Region:
id = 1557
start_va = 0x69660000
end_va = 0x6977cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dired13b18a9#\\883582fb4e073bf0dfad214569e4200f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dired13b18a9#\\883582fb4e073bf0dfad214569e4200f\\system.directoryservices.ni.dll")
Region:
id = 1560
start_va = 0x69810000
end_va = 0x6992cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll")
Region:
id = 1562
start_va = 0xc20000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 1563
start_va = 0xc40000
end_va = 0xc4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 1564
start_va = 0xdf0000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000df0000"
filename = ""
Region:
id = 1651
start_va = 0xc50000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 1717
start_va = 0xc60000
end_va = 0xc6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Thread:
id = 14
os_tid = 0x127c
Thread:
id = 25
os_tid = 0x12fc
Thread:
id = 26
os_tid = 0x12f8
Thread:
id = 27
os_tid = 0x1328
Process:
id = "3"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0xce3b000"
os_pid = "0x109c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x1290"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 600
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 601
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 602
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 603
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 604
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 605
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 606
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 607
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 608
start_va = 0x7ff637930000
end_va = 0x7ff637940fff
monitored = 0
entry_point = 0x7ff6379316b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 609
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 610
start_va = 0x90000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 611
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 612
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 613
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 614
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 615
start_va = 0x600000
end_va = 0x6bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 616
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 617
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 618
start_va = 0x6c0000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 619
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 620
start_va = 0x7ffa0abf0000
end_va = 0x7ffa0ac48fff
monitored = 0
entry_point = 0x7ffa0abffbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 621
start_va = 0x90000
end_va = 0x90fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000090000"
filename = ""
Region:
id = 622
start_va = 0xc0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 623
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 624
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 625
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 626
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 627
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 628
start_va = 0xa0000
end_va = 0xa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 629
start_va = 0x7ffa13b70000
end_va = 0x7ffa13cb2fff
monitored = 0
entry_point = 0x7ffa13b98210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 630
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 631
start_va = 0x7ffa141e0000
end_va = 0x7ffa1421afff
monitored = 0
entry_point = 0x7ffa141e12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 632
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 633
start_va = 0x7ffa11220000
end_va = 0x7ffa113a5fff
monitored = 0
entry_point = 0x7ffa1126d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 634
start_va = 0xb0000
end_va = 0xb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 635
start_va = 0x6c0000
end_va = 0x6c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 636
start_va = 0x720000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 637
start_va = 0x730000
end_va = 0x8b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000730000"
filename = ""
Region:
id = 638
start_va = 0x8c0000
end_va = 0xa40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 639
start_va = 0xa50000
end_va = 0x1e4ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a50000"
filename = ""
Region:
id = 640
start_va = 0x1e50000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 647
start_va = 0x6d0000
end_va = 0x70ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 648
start_va = 0x7ffa15210000
end_va = 0x7ffa1676efff
monitored = 0
entry_point = 0x7ffa153711f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 653
start_va = 0x7ffa13390000
end_va = 0x7ffa133d2fff
monitored = 0
entry_point = 0x7ffa133a4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 654
start_va = 0x7ffa13520000
end_va = 0x7ffa13b63fff
monitored = 0
entry_point = 0x7ffa136e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 672
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 673
start_va = 0x7ffa14ba0000
end_va = 0x7ffa14bf1fff
monitored = 0
entry_point = 0x7ffa14baf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 691
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 692
start_va = 0x7ffa12e80000
end_va = 0x7ffa12f34fff
monitored = 0
entry_point = 0x7ffa12ec22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 699
start_va = 0x7ffa12dc0000
end_va = 0x7ffa12e0afff
monitored = 0
entry_point = 0x7ffa12dc35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 700
start_va = 0x7ffa12d90000
end_va = 0x7ffa12da3fff
monitored = 0
entry_point = 0x7ffa12d952e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 701
start_va = 0x7ffa11710000
end_va = 0x7ffa117a5fff
monitored = 0
entry_point = 0x7ffa11735570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 713
start_va = 0x1e50000
end_va = 0x1ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 714
start_va = 0x2010000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 724
start_va = 0x2020000
end_va = 0x2356fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 725
start_va = 0x1ec0000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ec0000"
filename = ""
Region:
id = 726
start_va = 0x2360000
end_va = 0x255ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002360000"
filename = ""
Region:
id = 727
start_va = 0x1e50000
end_va = 0x1e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 728
start_va = 0x1eb0000
end_va = 0x1ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001eb0000"
filename = ""
Region:
id = 729
start_va = 0x7ffa14a40000
end_va = 0x7ffa14b99fff
monitored = 0
entry_point = 0x7ffa14a838e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 736
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 737
start_va = 0x2560000
end_va = 0x261bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002560000"
filename = ""
Region:
id = 738
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 739
start_va = 0x7ffa10610000
end_va = 0x7ffa10631fff
monitored = 0
entry_point = 0x7ffa10611a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 740
start_va = 0x7ffa11410000
end_va = 0x7ffa11422fff
monitored = 0
entry_point = 0x7ffa11412760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 743
start_va = 0x7ffa12ba0000
end_va = 0x7ffa12bf5fff
monitored = 0
entry_point = 0x7ffa12bb0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 744
start_va = 0x60000
end_va = 0x66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 745
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 746
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 747
start_va = 0x710000
end_va = 0x714fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 748
start_va = 0x1e90000
end_va = 0x1e90fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 761
start_va = 0x1ea0000
end_va = 0x1ea1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ea0000"
filename = ""
Region:
id = 762
start_va = 0x7ffa080f0000
end_va = 0x7ffa08363fff
monitored = 0
entry_point = 0x7ffa08160400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 763
start_va = 0x1fc0000
end_va = 0x1fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 764
start_va = 0x1fd0000
end_va = 0x1fd1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001fd0000"
filename = ""
Thread:
id = 15
os_tid = 0x1184
Thread:
id = 17
os_tid = 0x1180
Thread:
id = 18
os_tid = 0x288
Thread:
id = 22
os_tid = 0x128c
Process:
id = "4"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x3b3b8000"
os_pid = "0x1188"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x1078"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\ObhZOLODRqR\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 582
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 583
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 584
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 585
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 586
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 587
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 588
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 589
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 590
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 591
start_va = 0x1310000
end_va = 0x1341fff
monitored = 1
entry_point = 0x13305b0
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 592
start_va = 0x1350000
end_va = 0x534ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001350000"
filename = ""
Region:
id = 593
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 594
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 595
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 596
start_va = 0x7fff0000
end_va = 0x7dfa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 597
start_va = 0x7dfa16770000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfa16770000"
filename = ""
Region:
id = 598
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 599
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
Region:
id = 641
start_va = 0x400000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 642
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 643
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 644
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 645
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 646
start_va = 0x580000
end_va = 0x74ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 649
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 650
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 651
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 652
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 767
start_va = 0x110000
end_va = 0x1cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 768
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 769
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 770
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 771
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 772
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 773
start_va = 0x76680000
end_va = 0x76711fff
monitored = 0
entry_point = 0x766b8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 774
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 775
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 776
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 777
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 778
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 779
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 792
start_va = 0x480000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 793
start_va = 0x750000
end_va = 0x839fff
monitored = 0
entry_point = 0x78d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 801
start_va = 0x1d0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 807
start_va = 0x750000
end_va = 0xa86fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 808
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 841
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 842
start_va = 0x74340000
end_va = 0x743c3fff
monitored = 0
entry_point = 0x74366220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 843
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 844
start_va = 0x68e60000
end_va = 0x68eebfff
monitored = 0
entry_point = 0x68e9a6c0
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 16
os_tid = 0x594
[0186.652] GetModuleHandleA (lpModuleName=0x0) returned 0x1310000
[0186.652] __set_app_type (_Type=0x1)
[0186.652] __p__fmode () returned 0x76b44d6c
[0186.652] __p__commode () returned 0x76b45b1c
[0186.652] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1330840) returned 0x0
[0186.653] __wgetmainargs (in: _Argc=0x133ade0, _Argv=0x133ade4, _Env=0x133ade8, _DoWildCard=0, _StartInfo=0x133adf4 | out: _Argc=0x133ade0, _Argv=0x133ade4, _Env=0x133ade8) returned 0
[0186.654] _onexit (_Func=0x1332bc0) returned 0x1332bc0
[0186.654] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0186.654] WinSqmIsOptedIn () returned 0x0
[0186.654] GetProcessHeap () returned 0x650000
[0186.654] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x6574e0
[0186.655] RtlRestoreLastWin32Error () returned 0x0
[0186.655] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0186.655] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0186.655] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0186.656] RtlVerifyVersionInfo (VersionInfo=0xdf9f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0186.656] GetProcessHeap () returned 0x650000
[0186.656] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657318
[0186.656] lstrlenW (lpString="") returned 0
[0186.657] GetProcessHeap () returned 0x650000
[0186.657] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x2) returned 0x650598
[0186.657] GetProcessHeap () returned 0x650000
[0186.657] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656e48
[0186.657] GetProcessHeap () returned 0x650000
[0186.657] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657330
[0186.658] GetProcessHeap () returned 0x650000
[0186.658] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656c10
[0186.658] GetProcessHeap () returned 0x650000
[0186.658] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656c30
[0186.658] GetProcessHeap () returned 0x650000
[0186.658] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656c50
[0186.658] GetProcessHeap () returned 0x650000
[0186.658] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656840
[0186.658] GetProcessHeap () returned 0x650000
[0186.658] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657348
[0186.658] GetProcessHeap () returned 0x650000
[0186.658] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656860
[0186.659] GetProcessHeap () returned 0x650000
[0186.659] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656880
[0186.659] GetProcessHeap () returned 0x650000
[0186.659] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6565d8
[0186.659] GetProcessHeap () returned 0x650000
[0186.659] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6565f8
[0186.659] GetProcessHeap () returned 0x650000
[0186.659] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657390
[0186.659] GetProcessHeap () returned 0x650000
[0186.659] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x656618
[0186.659] GetProcessHeap () returned 0x650000
[0186.659] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x652780
[0186.659] GetProcessHeap () returned 0x650000
[0186.660] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6527a0
[0186.660] GetProcessHeap () returned 0x650000
[0186.660] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6527c0
[0186.660] SetThreadUILanguage (LangId=0x0) returned 0x409
[0187.059] RtlRestoreLastWin32Error () returned 0x0
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6594c8
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659408
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659328
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6595c8
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6594a8
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657360
[0187.059] _memicmp (_Buf1=0x657360, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.059] GetProcessHeap () returned 0x650000
[0187.059] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x208) returned 0x658ce0
[0187.059] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x658ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0187.059] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdfb04 | out: lpdwHandle=0xdfb04) returned 0x76c
[0187.099] GetProcessHeap () returned 0x650000
[0187.099] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x776) returned 0x659db8
[0187.099] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x659db8 | out: lpData=0x659db8) returned 1
[0187.099] VerQueryValueW (in: pBlock=0x659db8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdfb0c, puLen=0xdfb10 | out: lplpBuffer=0xdfb0c*=0x65a168, puLen=0xdfb10) returned 1
[0187.102] _memicmp (_Buf1=0x657360, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.102] _vsnwprintf (in: _Buffer=0x658ce0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdfaf0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0187.103] VerQueryValueW (in: pBlock=0x659db8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdfb1c, puLen=0xdfb18 | out: lplpBuffer=0xdfb1c*=0x659f98, puLen=0xdfb18) returned 1
[0187.103] lstrlenW (lpString="schtasks.exe") returned 12
[0187.103] lstrlenW (lpString="schtasks.exe") returned 12
[0187.103] lstrlenW (lpString=".EXE") returned 4
[0187.103] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0187.103] lstrlenW (lpString="schtasks.exe") returned 12
[0187.103] lstrlenW (lpString=".EXE") returned 4
[0187.104] _memicmp (_Buf1=0x657360, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.104] lstrlenW (lpString="schtasks") returned 8
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659468
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659348
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659488
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659508
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x6573c0
[0187.104] _memicmp (_Buf1=0x6573c0, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0xa0) returned 0x658ef0
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6593e8
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6595a8
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659368
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x6573f0
[0187.104] _memicmp (_Buf1=0x6573f0, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.104] GetProcessHeap () returned 0x650000
[0187.104] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x200) returned 0x65a798
[0187.104] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x65a798, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0187.105] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0187.105] GetProcessHeap () returned 0x650000
[0187.105] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x30) returned 0x652588
[0187.105] _vsnwprintf (in: _Buffer=0x658ef0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdfaf4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0187.105] GetProcessHeap () returned 0x650000
[0187.105] GetProcessHeap () returned 0x650000
[0187.105] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659db8) returned 1
[0187.105] GetProcessHeap () returned 0x650000
[0187.105] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659db8) returned 0x776
[0187.106] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659db8) returned 1
[0187.106] RtlRestoreLastWin32Error () returned 0x0
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="?") returned 1
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="create") returned 6
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="delete") returned 6
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="query") returned 5
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="change") returned 6
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="run") returned 3
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="end") returned 3
[0187.106] GetThreadLocale () returned 0x409
[0187.106] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.106] lstrlenW (lpString="showsid") returned 7
[0187.106] GetThreadLocale () returned 0x409
[0187.107] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.107] RtlRestoreLastWin32Error () returned 0x0
[0187.107] RtlRestoreLastWin32Error () returned 0x0
[0187.107] lstrlenW (lpString="/Create") returned 7
[0187.107] lstrlenW (lpString="-/") returned 2
[0187.107] StrChrIW (lpStart="-/", wMatch=0x4d002f) returned="/"
[0187.107] lstrlenW (lpString="?") returned 1
[0187.107] lstrlenW (lpString="?") returned 1
[0187.107] GetProcessHeap () returned 0x650000
[0187.107] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657420
[0187.107] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.107] GetProcessHeap () returned 0x650000
[0187.107] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0xa) returned 0x657438
[0187.107] lstrlenW (lpString="Create") returned 6
[0187.107] GetProcessHeap () returned 0x650000
[0187.107] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657450
[0187.107] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.107] GetProcessHeap () returned 0x650000
[0187.107] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659448
[0187.107] _vsnwprintf (in: _Buffer=0x657438, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0187.107] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0187.107] lstrlenW (lpString="|?|") returned 3
[0187.107] lstrlenW (lpString="|Create|") returned 8
[0187.107] RtlRestoreLastWin32Error () returned 0x490
[0187.107] lstrlenW (lpString="create") returned 6
[0187.107] lstrlenW (lpString="create") returned 6
[0187.107] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.107] GetProcessHeap () returned 0x650000
[0187.107] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657438) returned 1
[0187.107] GetProcessHeap () returned 0x650000
[0187.107] RtlReAllocateHeap (Heap=0x650000, Flags=0xc, Ptr=0x657438, Size=0x14) returned 0x659428
[0187.107] lstrlenW (lpString="Create") returned 6
[0187.107] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.107] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0187.108] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0187.108] lstrlenW (lpString="|create|") returned 8
[0187.108] lstrlenW (lpString="|Create|") returned 8
[0187.108] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0187.108] RtlRestoreLastWin32Error () returned 0x0
[0187.108] RtlRestoreLastWin32Error () returned 0x0
[0187.108] RtlRestoreLastWin32Error () returned 0x0
[0187.108] lstrlenW (lpString="/TN") returned 3
[0187.108] lstrlenW (lpString="-/") returned 2
[0187.108] StrChrIW (lpStart="-/", wMatch=0x4d002f) returned="/"
[0187.108] lstrlenW (lpString="?") returned 1
[0187.108] lstrlenW (lpString="?") returned 1
[0187.108] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.108] lstrlenW (lpString="TN") returned 2
[0187.108] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.108] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0187.108] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.108] lstrlenW (lpString="|?|") returned 3
[0187.108] lstrlenW (lpString="|TN|") returned 4
[0187.108] RtlRestoreLastWin32Error () returned 0x490
[0187.108] lstrlenW (lpString="create") returned 6
[0187.108] lstrlenW (lpString="create") returned 6
[0187.108] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.108] lstrlenW (lpString="TN") returned 2
[0187.108] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.108] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0187.108] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.108] lstrlenW (lpString="|create|") returned 8
[0187.108] lstrlenW (lpString="|TN|") returned 4
[0187.108] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0187.108] RtlRestoreLastWin32Error () returned 0x490
[0187.108] lstrlenW (lpString="delete") returned 6
[0187.108] lstrlenW (lpString="delete") returned 6
[0187.108] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.109] lstrlenW (lpString="TN") returned 2
[0187.109] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.109] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0187.109] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.109] lstrlenW (lpString="|delete|") returned 8
[0187.109] lstrlenW (lpString="|TN|") returned 4
[0187.109] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0187.109] RtlRestoreLastWin32Error () returned 0x490
[0187.109] lstrlenW (lpString="query") returned 5
[0187.109] lstrlenW (lpString="query") returned 5
[0187.109] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.109] lstrlenW (lpString="TN") returned 2
[0187.109] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.109] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0187.109] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.109] lstrlenW (lpString="|query|") returned 7
[0187.109] lstrlenW (lpString="|TN|") returned 4
[0187.109] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0187.109] RtlRestoreLastWin32Error () returned 0x490
[0187.109] lstrlenW (lpString="change") returned 6
[0187.109] lstrlenW (lpString="change") returned 6
[0187.109] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.109] lstrlenW (lpString="TN") returned 2
[0187.109] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.109] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0187.109] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.109] lstrlenW (lpString="|change|") returned 8
[0187.109] lstrlenW (lpString="|TN|") returned 4
[0187.109] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0187.109] RtlRestoreLastWin32Error () returned 0x490
[0187.109] lstrlenW (lpString="run") returned 3
[0187.110] lstrlenW (lpString="run") returned 3
[0187.110] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.110] lstrlenW (lpString="TN") returned 2
[0187.110] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.110] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0187.110] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.110] lstrlenW (lpString="|run|") returned 5
[0187.110] lstrlenW (lpString="|TN|") returned 4
[0187.110] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0187.110] RtlRestoreLastWin32Error () returned 0x490
[0187.110] lstrlenW (lpString="end") returned 3
[0187.110] lstrlenW (lpString="end") returned 3
[0187.110] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.110] lstrlenW (lpString="TN") returned 2
[0187.110] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.110] _vsnwprintf (in: _Buffer=0x659428, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0187.110] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.110] lstrlenW (lpString="|end|") returned 5
[0187.110] lstrlenW (lpString="|TN|") returned 4
[0187.110] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0187.110] RtlRestoreLastWin32Error () returned 0x490
[0187.110] lstrlenW (lpString="showsid") returned 7
[0187.110] lstrlenW (lpString="showsid") returned 7
[0187.110] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.110] GetProcessHeap () returned 0x650000
[0187.110] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659428) returned 1
[0187.110] GetProcessHeap () returned 0x650000
[0187.110] RtlReAllocateHeap (Heap=0x650000, Flags=0xc, Ptr=0x659428, Size=0x16) returned 0x6594e8
[0187.110] lstrlenW (lpString="TN") returned 2
[0187.110] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.111] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0187.111] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0187.111] lstrlenW (lpString="|showsid|") returned 9
[0187.111] lstrlenW (lpString="|TN|") returned 4
[0187.111] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0187.111] RtlRestoreLastWin32Error () returned 0x490
[0187.111] RtlRestoreLastWin32Error () returned 0x490
[0187.111] RtlRestoreLastWin32Error () returned 0x0
[0187.111] lstrlenW (lpString="/TN") returned 3
[0187.111] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0187.111] RtlRestoreLastWin32Error () returned 0x490
[0187.111] RtlRestoreLastWin32Error () returned 0x0
[0187.111] lstrlenW (lpString="/TN") returned 3
[0187.111] GetProcessHeap () returned 0x650000
[0187.111] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x8) returned 0x656c70
[0187.111] GetProcessHeap () returned 0x650000
[0187.111] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6595e8
[0187.111] RtlRestoreLastWin32Error () returned 0x0
[0187.111] RtlRestoreLastWin32Error () returned 0x0
[0187.111] lstrlenW (lpString="Updates\\ObhZOLODRqR") returned 19
[0187.111] lstrlenW (lpString="-/") returned 2
[0187.111] StrChrIW (lpStart="-/", wMatch=0x4d0055) returned 0x0
[0187.111] RtlRestoreLastWin32Error () returned 0x490
[0187.111] RtlRestoreLastWin32Error () returned 0x490
[0187.111] RtlRestoreLastWin32Error () returned 0x0
[0187.111] lstrlenW (lpString="Updates\\ObhZOLODRqR") returned 19
[0187.111] StrChrIW (lpStart="Updates\\ObhZOLODRqR", wMatch=0x3a) returned 0x0
[0187.111] RtlRestoreLastWin32Error () returned 0x490
[0187.111] RtlRestoreLastWin32Error () returned 0x0
[0187.111] lstrlenW (lpString="Updates\\ObhZOLODRqR") returned 19
[0187.111] GetProcessHeap () returned 0x650000
[0187.111] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x28) returned 0x658f98
[0187.111] GetProcessHeap () returned 0x650000
[0187.111] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659428
[0187.112] RtlRestoreLastWin32Error () returned 0x0
[0187.112] RtlRestoreLastWin32Error () returned 0x0
[0187.112] lstrlenW (lpString="/XML") returned 4
[0187.112] lstrlenW (lpString="-/") returned 2
[0187.112] StrChrIW (lpStart="-/", wMatch=0x4d002f) returned="/"
[0187.112] lstrlenW (lpString="?") returned 1
[0187.112] lstrlenW (lpString="?") returned 1
[0187.112] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.112] lstrlenW (lpString="XML") returned 3
[0187.112] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.112] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0187.112] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.112] lstrlenW (lpString="|?|") returned 3
[0187.112] lstrlenW (lpString="|XML|") returned 5
[0187.112] RtlRestoreLastWin32Error () returned 0x490
[0187.112] lstrlenW (lpString="create") returned 6
[0187.112] lstrlenW (lpString="create") returned 6
[0187.112] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.112] lstrlenW (lpString="XML") returned 3
[0187.112] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.112] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0187.112] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.112] lstrlenW (lpString="|create|") returned 8
[0187.112] lstrlenW (lpString="|XML|") returned 5
[0187.112] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0187.112] RtlRestoreLastWin32Error () returned 0x490
[0187.112] lstrlenW (lpString="delete") returned 6
[0187.112] lstrlenW (lpString="delete") returned 6
[0187.112] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.112] lstrlenW (lpString="XML") returned 3
[0187.113] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.113] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0187.113] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.113] lstrlenW (lpString="|delete|") returned 8
[0187.113] lstrlenW (lpString="|XML|") returned 5
[0187.113] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0187.113] RtlRestoreLastWin32Error () returned 0x490
[0187.113] lstrlenW (lpString="query") returned 5
[0187.113] lstrlenW (lpString="query") returned 5
[0187.113] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.113] lstrlenW (lpString="XML") returned 3
[0187.113] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.113] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0187.113] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.113] lstrlenW (lpString="|query|") returned 7
[0187.113] lstrlenW (lpString="|XML|") returned 5
[0187.113] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0187.113] RtlRestoreLastWin32Error () returned 0x490
[0187.113] lstrlenW (lpString="change") returned 6
[0187.113] lstrlenW (lpString="change") returned 6
[0187.113] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.114] lstrlenW (lpString="XML") returned 3
[0187.114] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.114] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0187.114] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.114] lstrlenW (lpString="|change|") returned 8
[0187.114] lstrlenW (lpString="|XML|") returned 5
[0187.114] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0187.114] RtlRestoreLastWin32Error () returned 0x490
[0187.114] lstrlenW (lpString="run") returned 3
[0187.114] lstrlenW (lpString="run") returned 3
[0187.114] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.114] lstrlenW (lpString="XML") returned 3
[0187.114] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.114] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0187.114] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.114] lstrlenW (lpString="|run|") returned 5
[0187.114] lstrlenW (lpString="|XML|") returned 5
[0187.114] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0187.114] RtlRestoreLastWin32Error () returned 0x490
[0187.114] lstrlenW (lpString="end") returned 3
[0187.114] lstrlenW (lpString="end") returned 3
[0187.114] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.114] lstrlenW (lpString="XML") returned 3
[0187.114] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.114] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0187.114] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.114] lstrlenW (lpString="|end|") returned 5
[0187.114] lstrlenW (lpString="|XML|") returned 5
[0187.114] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0187.114] RtlRestoreLastWin32Error () returned 0x490
[0187.115] lstrlenW (lpString="showsid") returned 7
[0187.115] lstrlenW (lpString="showsid") returned 7
[0187.115] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.115] lstrlenW (lpString="XML") returned 3
[0187.115] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.115] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0187.115] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0187.115] lstrlenW (lpString="|showsid|") returned 9
[0187.115] lstrlenW (lpString="|XML|") returned 5
[0187.115] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0187.115] RtlRestoreLastWin32Error () returned 0x490
[0187.115] RtlRestoreLastWin32Error () returned 0x490
[0187.115] RtlRestoreLastWin32Error () returned 0x0
[0187.115] lstrlenW (lpString="/XML") returned 4
[0187.115] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0187.115] RtlRestoreLastWin32Error () returned 0x490
[0187.115] RtlRestoreLastWin32Error () returned 0x0
[0187.115] lstrlenW (lpString="/XML") returned 4
[0187.115] GetProcessHeap () returned 0x650000
[0187.115] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0xa) returned 0x657438
[0187.115] GetProcessHeap () returned 0x650000
[0187.115] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659528
[0187.115] RtlRestoreLastWin32Error () returned 0x0
[0187.115] RtlRestoreLastWin32Error () returned 0x0
[0187.115] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.115] lstrlenW (lpString="-/") returned 2
[0187.115] StrChrIW (lpStart="-/", wMatch=0x4d0043) returned 0x0
[0187.115] RtlRestoreLastWin32Error () returned 0x490
[0187.115] RtlRestoreLastWin32Error () returned 0x490
[0187.115] RtlRestoreLastWin32Error () returned 0x0
[0187.115] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.115] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp"
[0187.115] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.115] GetProcessHeap () returned 0x650000
[0187.115] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x657468
[0187.115] _memicmp (_Buf1=0x657468, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0xc) returned 0x657480
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x65aa48
[0187.116] _memicmp (_Buf1=0x65aa48, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x6e) returned 0x6569e0
[0187.116] RtlRestoreLastWin32Error () returned 0x7a
[0187.116] RtlRestoreLastWin32Error () returned 0x0
[0187.116] RtlRestoreLastWin32Error () returned 0x0
[0187.116] lstrlenW (lpString="C") returned 1
[0187.116] RtlRestoreLastWin32Error () returned 0x490
[0187.116] RtlRestoreLastWin32Error () returned 0x0
[0187.116] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x6a) returned 0x656a58
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659388
[0187.116] RtlRestoreLastWin32Error () returned 0x0
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656c70) returned 1
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656c70) returned 0x8
[0187.116] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656c70) returned 1
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6595e8) returned 1
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6595e8) returned 0x14
[0187.116] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6595e8) returned 1
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] GetProcessHeap () returned 0x650000
[0187.116] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x658f98) returned 1
[0187.116] GetProcessHeap () returned 0x650000
[0187.117] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x658f98) returned 0x28
[0187.117] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x658f98) returned 1
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659428) returned 1
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659428) returned 0x14
[0187.117] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659428) returned 1
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657438) returned 1
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657438) returned 0xa
[0187.117] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657438) returned 1
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] GetProcessHeap () returned 0x650000
[0187.117] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659528) returned 1
[0187.117] GetProcessHeap () returned 0x650000
[0187.118] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659528) returned 0x14
[0187.118] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659528) returned 1
[0187.118] GetProcessHeap () returned 0x650000
[0187.118] GetProcessHeap () returned 0x650000
[0187.118] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656a58) returned 1
[0187.118] GetProcessHeap () returned 0x650000
[0187.118] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656a58) returned 0x6a
[0187.118] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656a58) returned 1
[0187.120] GetProcessHeap () returned 0x650000
[0187.120] GetProcessHeap () returned 0x650000
[0187.120] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659388) returned 1
[0187.120] GetProcessHeap () returned 0x650000
[0187.121] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659388) returned 0x14
[0187.121] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659388) returned 1
[0187.121] GetProcessHeap () returned 0x650000
[0187.121] GetProcessHeap () returned 0x650000
[0187.121] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6574e0) returned 1
[0187.121] GetProcessHeap () returned 0x650000
[0187.121] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6574e0) returned 0x10
[0187.121] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6574e0) returned 1
[0187.122] RtlRestoreLastWin32Error () returned 0x0
[0187.122] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0187.122] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0187.122] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0187.122] RtlVerifyVersionInfo (VersionInfo=0xdce60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0187.122] RtlRestoreLastWin32Error () returned 0x0
[0187.122] lstrlenW (lpString="create") returned 6
[0187.122] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0187.122] RtlRestoreLastWin32Error () returned 0x490
[0187.122] RtlRestoreLastWin32Error () returned 0x0
[0187.122] lstrlenW (lpString="create") returned 6
[0187.122] GetProcessHeap () returned 0x650000
[0187.122] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x6595e8
[0187.122] GetProcessHeap () returned 0x650000
[0187.122] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x10) returned 0x65a9e8
[0187.122] _memicmp (_Buf1=0x65a9e8, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.122] GetProcessHeap () returned 0x650000
[0187.122] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x16) returned 0x659528
[0187.123] RtlRestoreLastWin32Error () returned 0x0
[0187.123] _memicmp (_Buf1=0x657360, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.123] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x658ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0187.123] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdcf6c | out: lpdwHandle=0xdcf6c) returned 0x76c
[0187.123] GetProcessHeap () returned 0x650000
[0187.123] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x776) returned 0x659db8
[0187.123] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x659db8 | out: lpData=0x659db8) returned 1
[0187.123] VerQueryValueW (in: pBlock=0x659db8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcf74, puLen=0xdcf78 | out: lplpBuffer=0xdcf74*=0x65a168, puLen=0xdcf78) returned 1
[0187.123] _memicmp (_Buf1=0x657360, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.123] _vsnwprintf (in: _Buffer=0x658ce0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcf58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0187.124] VerQueryValueW (in: pBlock=0x659db8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcf84, puLen=0xdcf80 | out: lplpBuffer=0xdcf84*=0x659f98, puLen=0xdcf80) returned 1
[0187.124] lstrlenW (lpString="schtasks.exe") returned 12
[0187.124] lstrlenW (lpString="schtasks.exe") returned 12
[0187.124] lstrlenW (lpString=".EXE") returned 4
[0187.124] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0187.124] lstrlenW (lpString="schtasks.exe") returned 12
[0187.124] lstrlenW (lpString=".EXE") returned 4
[0187.124] lstrlenW (lpString="schtasks") returned 8
[0187.124] lstrlenW (lpString="/create") returned 7
[0187.124] _memicmp (_Buf1=0x657360, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.124] _vsnwprintf (in: _Buffer=0x658ce0, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcf58 | out: _Buffer="schtasks /create") returned 16
[0187.124] _memicmp (_Buf1=0x6573c0, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.124] GetProcessHeap () returned 0x650000
[0187.124] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x659548
[0187.124] _memicmp (_Buf1=0x6573f0, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.124] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x65a798, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0187.124] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0187.124] GetProcessHeap () returned 0x650000
[0187.124] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x30) returned 0x658f98
[0187.125] _vsnwprintf (in: _Buffer=0x658ef0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcf5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0187.125] GetProcessHeap () returned 0x650000
[0187.125] GetProcessHeap () returned 0x650000
[0187.125] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659db8) returned 1
[0187.125] GetProcessHeap () returned 0x650000
[0187.125] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659db8) returned 0x776
[0187.125] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659db8) returned 1
[0187.125] RtlRestoreLastWin32Error () returned 0x0
[0187.125] GetThreadLocale () returned 0x409
[0187.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.125] lstrlenW (lpString="create") returned 6
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="?") returned 1
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="s") returned 1
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="u") returned 1
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="p") returned 1
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="ru") returned 2
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="rp") returned 2
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="sc") returned 2
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="mo") returned 2
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="d") returned 1
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.126] lstrlenW (lpString="m") returned 1
[0187.126] GetThreadLocale () returned 0x409
[0187.126] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="i") returned 1
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="tn") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="tr") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="st") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="sd") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="ed") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="it") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="et") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="k") returned 1
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="du") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="ri") returned 2
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.127] lstrlenW (lpString="z") returned 1
[0187.127] GetThreadLocale () returned 0x409
[0187.127] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="f") returned 1
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="v1") returned 2
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="xml") returned 3
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="ec") returned 2
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="rl") returned 2
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="delay") returned 5
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="np") returned 2
[0187.128] GetThreadLocale () returned 0x409
[0187.128] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0187.128] lstrlenW (lpString="hresult") returned 7
[0187.128] RtlRestoreLastWin32Error () returned 0x0
[0187.128] RtlRestoreLastWin32Error () returned 0x0
[0187.128] lstrlenW (lpString="/Create") returned 7
[0187.128] lstrlenW (lpString="-/") returned 2
[0187.128] StrChrIW (lpStart="-/", wMatch=0x4d002f) returned="/"
[0187.128] lstrlenW (lpString="create") returned 6
[0187.128] lstrlenW (lpString="create") returned 6
[0187.129] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.129] lstrlenW (lpString="Create") returned 6
[0187.129] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.129] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0187.129] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|Create|") returned 8
[0187.129] lstrlenW (lpString="|create|") returned 8
[0187.129] lstrlenW (lpString="|Create|") returned 8
[0187.129] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0187.129] RtlRestoreLastWin32Error () returned 0x0
[0187.129] RtlRestoreLastWin32Error () returned 0x0
[0187.129] RtlRestoreLastWin32Error () returned 0x0
[0187.129] lstrlenW (lpString="/TN") returned 3
[0187.129] lstrlenW (lpString="-/") returned 2
[0187.129] StrChrIW (lpStart="-/", wMatch=0x4d002f) returned="/"
[0187.129] lstrlenW (lpString="create") returned 6
[0187.129] lstrlenW (lpString="create") returned 6
[0187.129] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.129] lstrlenW (lpString="TN") returned 2
[0187.129] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.129] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0187.129] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.129] lstrlenW (lpString="|create|") returned 8
[0187.129] lstrlenW (lpString="|TN|") returned 4
[0187.129] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0187.129] RtlRestoreLastWin32Error () returned 0x490
[0187.129] lstrlenW (lpString="?") returned 1
[0187.129] lstrlenW (lpString="?") returned 1
[0187.129] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.129] lstrlenW (lpString="TN") returned 2
[0187.129] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0187.130] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.130] lstrlenW (lpString="|?|") returned 3
[0187.130] lstrlenW (lpString="|TN|") returned 4
[0187.130] RtlRestoreLastWin32Error () returned 0x490
[0187.130] lstrlenW (lpString="s") returned 1
[0187.130] lstrlenW (lpString="s") returned 1
[0187.130] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] lstrlenW (lpString="TN") returned 2
[0187.130] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0187.130] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.130] lstrlenW (lpString="|s|") returned 3
[0187.130] lstrlenW (lpString="|TN|") returned 4
[0187.130] RtlRestoreLastWin32Error () returned 0x490
[0187.130] lstrlenW (lpString="u") returned 1
[0187.130] lstrlenW (lpString="u") returned 1
[0187.130] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] lstrlenW (lpString="TN") returned 2
[0187.130] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0187.130] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.130] lstrlenW (lpString="|u|") returned 3
[0187.130] lstrlenW (lpString="|TN|") returned 4
[0187.130] RtlRestoreLastWin32Error () returned 0x490
[0187.130] lstrlenW (lpString="p") returned 1
[0187.130] lstrlenW (lpString="p") returned 1
[0187.130] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] lstrlenW (lpString="TN") returned 2
[0187.130] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.130] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0187.130] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.131] lstrlenW (lpString="|p|") returned 3
[0187.131] lstrlenW (lpString="|TN|") returned 4
[0187.131] RtlRestoreLastWin32Error () returned 0x490
[0187.131] lstrlenW (lpString="ru") returned 2
[0187.131] lstrlenW (lpString="ru") returned 2
[0187.131] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.131] lstrlenW (lpString="TN") returned 2
[0187.131] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.131] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0187.131] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.131] lstrlenW (lpString="|ru|") returned 4
[0187.131] lstrlenW (lpString="|TN|") returned 4
[0187.131] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0187.131] RtlRestoreLastWin32Error () returned 0x490
[0187.131] lstrlenW (lpString="rp") returned 2
[0187.131] lstrlenW (lpString="rp") returned 2
[0187.131] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.131] lstrlenW (lpString="TN") returned 2
[0187.131] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.131] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0187.131] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.131] lstrlenW (lpString="|rp|") returned 4
[0187.131] lstrlenW (lpString="|TN|") returned 4
[0187.131] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0187.131] RtlRestoreLastWin32Error () returned 0x490
[0187.131] lstrlenW (lpString="sc") returned 2
[0187.131] lstrlenW (lpString="sc") returned 2
[0187.131] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.131] lstrlenW (lpString="TN") returned 2
[0187.131] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.131] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0187.132] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.132] lstrlenW (lpString="|sc|") returned 4
[0187.132] lstrlenW (lpString="|TN|") returned 4
[0187.132] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0187.132] RtlRestoreLastWin32Error () returned 0x490
[0187.132] lstrlenW (lpString="mo") returned 2
[0187.132] lstrlenW (lpString="mo") returned 2
[0187.132] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.132] lstrlenW (lpString="TN") returned 2
[0187.132] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.132] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0187.132] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.132] lstrlenW (lpString="|mo|") returned 4
[0187.132] lstrlenW (lpString="|TN|") returned 4
[0187.132] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0187.132] RtlRestoreLastWin32Error () returned 0x490
[0187.132] lstrlenW (lpString="d") returned 1
[0187.132] lstrlenW (lpString="d") returned 1
[0187.132] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.132] lstrlenW (lpString="TN") returned 2
[0187.132] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.132] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0187.132] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.132] lstrlenW (lpString="|d|") returned 3
[0187.132] lstrlenW (lpString="|TN|") returned 4
[0187.132] RtlRestoreLastWin32Error () returned 0x490
[0187.132] lstrlenW (lpString="m") returned 1
[0187.132] lstrlenW (lpString="m") returned 1
[0187.132] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.132] lstrlenW (lpString="TN") returned 2
[0187.132] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.133] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0187.133] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.133] lstrlenW (lpString="|m|") returned 3
[0187.133] lstrlenW (lpString="|TN|") returned 4
[0187.133] RtlRestoreLastWin32Error () returned 0x490
[0187.133] lstrlenW (lpString="i") returned 1
[0187.133] lstrlenW (lpString="i") returned 1
[0187.133] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.133] lstrlenW (lpString="TN") returned 2
[0187.133] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.133] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0187.133] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.133] lstrlenW (lpString="|i|") returned 3
[0187.133] lstrlenW (lpString="|TN|") returned 4
[0187.133] RtlRestoreLastWin32Error () returned 0x490
[0187.133] lstrlenW (lpString="tn") returned 2
[0187.133] lstrlenW (lpString="tn") returned 2
[0187.133] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.133] lstrlenW (lpString="TN") returned 2
[0187.133] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.133] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0187.133] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0187.133] lstrlenW (lpString="|tn|") returned 4
[0187.133] lstrlenW (lpString="|TN|") returned 4
[0187.133] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0187.133] RtlRestoreLastWin32Error () returned 0x0
[0187.133] RtlRestoreLastWin32Error () returned 0x0
[0187.133] lstrlenW (lpString="Updates\\ObhZOLODRqR") returned 19
[0187.133] lstrlenW (lpString="-/") returned 2
[0187.133] StrChrIW (lpStart="-/", wMatch=0x4d0055) returned 0x0
[0187.133] RtlRestoreLastWin32Error () returned 0x490
[0187.133] RtlRestoreLastWin32Error () returned 0x490
[0187.133] RtlRestoreLastWin32Error () returned 0x0
[0187.133] lstrlenW (lpString="Updates\\ObhZOLODRqR") returned 19
[0187.134] StrChrIW (lpStart="Updates\\ObhZOLODRqR", wMatch=0x3a) returned 0x0
[0187.134] RtlRestoreLastWin32Error () returned 0x490
[0187.134] RtlRestoreLastWin32Error () returned 0x0
[0187.134] lstrlenW (lpString="Updates\\ObhZOLODRqR") returned 19
[0187.134] RtlRestoreLastWin32Error () returned 0x0
[0187.134] RtlRestoreLastWin32Error () returned 0x0
[0187.134] lstrlenW (lpString="/XML") returned 4
[0187.134] lstrlenW (lpString="-/") returned 2
[0187.134] StrChrIW (lpStart="-/", wMatch=0x4d002f) returned="/"
[0187.134] lstrlenW (lpString="create") returned 6
[0187.134] lstrlenW (lpString="create") returned 6
[0187.134] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.134] lstrlenW (lpString="XML") returned 3
[0187.134] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.134] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0187.134] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.134] lstrlenW (lpString="|create|") returned 8
[0187.134] lstrlenW (lpString="|XML|") returned 5
[0187.134] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0187.134] RtlRestoreLastWin32Error () returned 0x490
[0187.134] lstrlenW (lpString="?") returned 1
[0187.134] lstrlenW (lpString="?") returned 1
[0187.134] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.134] lstrlenW (lpString="XML") returned 3
[0187.134] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.134] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0187.134] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.134] lstrlenW (lpString="|?|") returned 3
[0187.134] lstrlenW (lpString="|XML|") returned 5
[0187.134] RtlRestoreLastWin32Error () returned 0x490
[0187.134] lstrlenW (lpString="s") returned 1
[0187.134] lstrlenW (lpString="s") returned 1
[0187.134] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] lstrlenW (lpString="XML") returned 3
[0187.135] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0187.135] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.135] lstrlenW (lpString="|s|") returned 3
[0187.135] lstrlenW (lpString="|XML|") returned 5
[0187.135] RtlRestoreLastWin32Error () returned 0x490
[0187.135] lstrlenW (lpString="u") returned 1
[0187.135] lstrlenW (lpString="u") returned 1
[0187.135] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] lstrlenW (lpString="XML") returned 3
[0187.135] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0187.135] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.135] lstrlenW (lpString="|u|") returned 3
[0187.135] lstrlenW (lpString="|XML|") returned 5
[0187.135] RtlRestoreLastWin32Error () returned 0x490
[0187.135] lstrlenW (lpString="p") returned 1
[0187.135] lstrlenW (lpString="p") returned 1
[0187.135] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] lstrlenW (lpString="XML") returned 3
[0187.135] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0187.135] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.135] lstrlenW (lpString="|p|") returned 3
[0187.135] lstrlenW (lpString="|XML|") returned 5
[0187.135] RtlRestoreLastWin32Error () returned 0x490
[0187.135] lstrlenW (lpString="ru") returned 2
[0187.135] lstrlenW (lpString="ru") returned 2
[0187.135] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.135] lstrlenW (lpString="XML") returned 3
[0187.135] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0187.136] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.136] lstrlenW (lpString="|ru|") returned 4
[0187.136] lstrlenW (lpString="|XML|") returned 5
[0187.136] RtlRestoreLastWin32Error () returned 0x490
[0187.136] lstrlenW (lpString="rp") returned 2
[0187.136] lstrlenW (lpString="rp") returned 2
[0187.136] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] lstrlenW (lpString="XML") returned 3
[0187.136] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0187.136] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.136] lstrlenW (lpString="|rp|") returned 4
[0187.136] lstrlenW (lpString="|XML|") returned 5
[0187.136] RtlRestoreLastWin32Error () returned 0x490
[0187.136] lstrlenW (lpString="sc") returned 2
[0187.136] lstrlenW (lpString="sc") returned 2
[0187.136] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] lstrlenW (lpString="XML") returned 3
[0187.136] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0187.136] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.136] lstrlenW (lpString="|sc|") returned 4
[0187.136] lstrlenW (lpString="|XML|") returned 5
[0187.136] RtlRestoreLastWin32Error () returned 0x490
[0187.136] lstrlenW (lpString="mo") returned 2
[0187.136] lstrlenW (lpString="mo") returned 2
[0187.136] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] lstrlenW (lpString="XML") returned 3
[0187.136] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.136] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0187.136] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.136] lstrlenW (lpString="|mo|") returned 4
[0187.137] lstrlenW (lpString="|XML|") returned 5
[0187.137] RtlRestoreLastWin32Error () returned 0x490
[0187.137] lstrlenW (lpString="d") returned 1
[0187.137] lstrlenW (lpString="d") returned 1
[0187.137] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.137] lstrlenW (lpString="XML") returned 3
[0187.137] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.137] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0187.137] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.137] lstrlenW (lpString="|d|") returned 3
[0187.137] lstrlenW (lpString="|XML|") returned 5
[0187.137] RtlRestoreLastWin32Error () returned 0x490
[0187.137] lstrlenW (lpString="m") returned 1
[0187.137] lstrlenW (lpString="m") returned 1
[0187.137] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.137] lstrlenW (lpString="XML") returned 3
[0187.137] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.137] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0187.137] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.137] lstrlenW (lpString="|m|") returned 3
[0187.137] lstrlenW (lpString="|XML|") returned 5
[0187.137] RtlRestoreLastWin32Error () returned 0x490
[0187.137] lstrlenW (lpString="i") returned 1
[0187.137] lstrlenW (lpString="i") returned 1
[0187.137] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.137] lstrlenW (lpString="XML") returned 3
[0187.137] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.137] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0187.137] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.137] lstrlenW (lpString="|i|") returned 3
[0187.137] lstrlenW (lpString="|XML|") returned 5
[0187.137] RtlRestoreLastWin32Error () returned 0x490
[0187.138] lstrlenW (lpString="tn") returned 2
[0187.138] lstrlenW (lpString="tn") returned 2
[0187.138] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.138] lstrlenW (lpString="XML") returned 3
[0187.138] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.138] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0187.138] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.138] lstrlenW (lpString="|tn|") returned 4
[0187.138] lstrlenW (lpString="|XML|") returned 5
[0187.138] RtlRestoreLastWin32Error () returned 0x490
[0187.138] lstrlenW (lpString="tr") returned 2
[0187.138] lstrlenW (lpString="tr") returned 2
[0187.138] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.138] lstrlenW (lpString="XML") returned 3
[0187.138] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.138] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tr|") returned 4
[0187.138] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.138] lstrlenW (lpString="|tr|") returned 4
[0187.138] lstrlenW (lpString="|XML|") returned 5
[0187.138] RtlRestoreLastWin32Error () returned 0x490
[0187.138] lstrlenW (lpString="st") returned 2
[0187.138] lstrlenW (lpString="st") returned 2
[0187.138] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.138] lstrlenW (lpString="XML") returned 3
[0187.138] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.138] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|st|") returned 4
[0187.138] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.138] lstrlenW (lpString="|st|") returned 4
[0187.138] lstrlenW (lpString="|XML|") returned 5
[0187.138] RtlRestoreLastWin32Error () returned 0x490
[0187.138] lstrlenW (lpString="sd") returned 2
[0187.139] lstrlenW (lpString="sd") returned 2
[0187.139] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.139] lstrlenW (lpString="XML") returned 3
[0187.139] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.139] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sd|") returned 4
[0187.139] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.139] lstrlenW (lpString="|sd|") returned 4
[0187.139] lstrlenW (lpString="|XML|") returned 5
[0187.139] RtlRestoreLastWin32Error () returned 0x490
[0187.139] lstrlenW (lpString="ed") returned 2
[0187.139] lstrlenW (lpString="ed") returned 2
[0187.139] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.139] lstrlenW (lpString="XML") returned 3
[0187.139] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.139] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ed|") returned 4
[0187.139] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.139] lstrlenW (lpString="|ed|") returned 4
[0187.139] lstrlenW (lpString="|XML|") returned 5
[0187.139] RtlRestoreLastWin32Error () returned 0x490
[0187.139] lstrlenW (lpString="it") returned 2
[0187.139] lstrlenW (lpString="it") returned 2
[0187.139] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.139] lstrlenW (lpString="XML") returned 3
[0187.139] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.139] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|it|") returned 4
[0187.139] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.140] lstrlenW (lpString="|it|") returned 4
[0187.140] lstrlenW (lpString="|XML|") returned 5
[0187.140] RtlRestoreLastWin32Error () returned 0x490
[0187.140] lstrlenW (lpString="et") returned 2
[0187.140] lstrlenW (lpString="et") returned 2
[0187.140] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.140] lstrlenW (lpString="XML") returned 3
[0187.140] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.140] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|et|") returned 4
[0187.140] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.140] lstrlenW (lpString="|et|") returned 4
[0187.140] lstrlenW (lpString="|XML|") returned 5
[0187.140] RtlRestoreLastWin32Error () returned 0x490
[0187.140] lstrlenW (lpString="k") returned 1
[0187.140] lstrlenW (lpString="k") returned 1
[0187.140] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.140] lstrlenW (lpString="XML") returned 3
[0187.140] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.140] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|k|") returned 3
[0187.140] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.140] lstrlenW (lpString="|k|") returned 3
[0187.140] lstrlenW (lpString="|XML|") returned 5
[0187.140] RtlRestoreLastWin32Error () returned 0x490
[0187.140] lstrlenW (lpString="du") returned 2
[0187.140] lstrlenW (lpString="du") returned 2
[0187.140] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] lstrlenW (lpString="XML") returned 3
[0187.141] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|du|") returned 4
[0187.141] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.141] lstrlenW (lpString="|du|") returned 4
[0187.141] lstrlenW (lpString="|XML|") returned 5
[0187.141] RtlRestoreLastWin32Error () returned 0x490
[0187.141] lstrlenW (lpString="ri") returned 2
[0187.141] lstrlenW (lpString="ri") returned 2
[0187.141] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] lstrlenW (lpString="XML") returned 3
[0187.141] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ri|") returned 4
[0187.141] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.141] lstrlenW (lpString="|ri|") returned 4
[0187.141] lstrlenW (lpString="|XML|") returned 5
[0187.141] RtlRestoreLastWin32Error () returned 0x490
[0187.141] lstrlenW (lpString="z") returned 1
[0187.141] lstrlenW (lpString="z") returned 1
[0187.141] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] lstrlenW (lpString="XML") returned 3
[0187.141] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|z|") returned 3
[0187.141] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.141] lstrlenW (lpString="|z|") returned 3
[0187.141] lstrlenW (lpString="|XML|") returned 5
[0187.141] RtlRestoreLastWin32Error () returned 0x490
[0187.141] lstrlenW (lpString="f") returned 1
[0187.141] lstrlenW (lpString="f") returned 1
[0187.141] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.141] lstrlenW (lpString="XML") returned 3
[0187.141] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.142] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|f|") returned 3
[0187.142] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.142] lstrlenW (lpString="|f|") returned 3
[0187.142] lstrlenW (lpString="|XML|") returned 5
[0187.142] RtlRestoreLastWin32Error () returned 0x490
[0187.142] lstrlenW (lpString="v1") returned 2
[0187.142] lstrlenW (lpString="v1") returned 2
[0187.142] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.142] lstrlenW (lpString="XML") returned 3
[0187.142] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.142] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|v1|") returned 4
[0187.142] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.142] lstrlenW (lpString="|v1|") returned 4
[0187.142] lstrlenW (lpString="|XML|") returned 5
[0187.142] RtlRestoreLastWin32Error () returned 0x490
[0187.142] lstrlenW (lpString="xml") returned 3
[0187.142] lstrlenW (lpString="xml") returned 3
[0187.142] _memicmp (_Buf1=0x657420, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.142] lstrlenW (lpString="XML") returned 3
[0187.142] _memicmp (_Buf1=0x657450, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.142] _vsnwprintf (in: _Buffer=0x6594e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|xml|") returned 5
[0187.142] _vsnwprintf (in: _Buffer=0x659448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0187.142] lstrlenW (lpString="|xml|") returned 5
[0187.142] lstrlenW (lpString="|XML|") returned 5
[0187.142] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0187.142] RtlRestoreLastWin32Error () returned 0x0
[0187.142] RtlRestoreLastWin32Error () returned 0x0
[0187.142] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.142] lstrlenW (lpString="-/") returned 2
[0187.142] StrChrIW (lpStart="-/", wMatch=0x4d0043) returned 0x0
[0187.143] RtlRestoreLastWin32Error () returned 0x490
[0187.143] RtlRestoreLastWin32Error () returned 0x490
[0187.143] RtlRestoreLastWin32Error () returned 0x0
[0187.143] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.143] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp"
[0187.143] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.143] _memicmp (_Buf1=0x657468, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.143] _memicmp (_Buf1=0x65aa48, _Buf2=0x1312708, _Size=0x7) returned 0
[0187.143] RtlRestoreLastWin32Error () returned 0x7a
[0187.143] RtlRestoreLastWin32Error () returned 0x0
[0187.143] RtlRestoreLastWin32Error () returned 0x0
[0187.143] lstrlenW (lpString="C") returned 1
[0187.143] RtlRestoreLastWin32Error () returned 0x490
[0187.143] RtlRestoreLastWin32Error () returned 0x0
[0187.143] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.143] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.143] GetProcessHeap () returned 0x650000
[0187.143] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x6a) returned 0x656a58
[0187.143] RtlRestoreLastWin32Error () returned 0x0
[0187.143] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0187.143] RtlRestoreLastWin32Error () returned 0x0
[0187.143] GetProcessHeap () returned 0x650000
[0187.143] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x1fc) returned 0x65ada8
[0187.144] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0187.206] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0187.808] CoCreateInstance (in: rclsid=0x13126c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x13126d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdd39c | out: ppv=0xdd39c*=0x4d3758) returned 0x0
[0188.258] TaskScheduler:ITaskService:Connect (This=0x4d3758, serverName=0xdd34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xdd35c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xdd36c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xdd37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
[0188.303] TaskScheduler:ITaskService:GetFolder (in: This=0x4d3758, Path=0x0, ppFolder=0xdd464 | out: ppFolder=0xdd464*=0x4d3880) returned 0x0
[0188.305] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa6ac.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x12c
[0188.305] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0xdcd7c | out: lpFileSize=0xdcd7c*=1599) returned 1
[0188.305] ReadFile (in: hFile=0x12c, lpBuffer=0xdcd8c, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0xdcd8c*, lpNumberOfBytesRead=0xdcd88*=0x2, lpOverlapped=0x0) returned 1
[0188.305] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0188.305] malloc (_Size=0x640) returned 0x4d38d0
[0188.306] ReadFile (in: hFile=0x12c, lpBuffer=0x4d38d0, nNumberOfBytesToRead=0x640, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0x4d38d0*, lpNumberOfBytesRead=0xdcd88*=0x63f, lpOverlapped=0x0) returned 1
[0188.306] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x4d38d0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1600
[0188.306] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x4d38d0, cbMultiByte=-1, lpWideCharStr=0x66a774, cchWideChar=1600 | out: lpWideCharStr="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\n \n \n") returned 1600
[0188.306] SysStringLen (param_1="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\n \n \n") returned 0x63f
[0188.306] VarBstrCat (in: bstrLeft=0x0, bstrRight="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\n \n \n", pbstrResult=0xdcd2c | out: pbstrResult=0xdcd2c) returned 0x0
[0188.307] free (_Block=0x4d38d0)
[0188.307] CloseHandle (hObject=0x12c) returned 1
[0188.307] lstrlenW (lpString="") returned 0
[0188.307] malloc (_Size=0xc) returned 0x4d3830
[0188.307] SysStringLen (param_1="") returned 0x0
[0188.307] free (_Block=0x4d3830)
[0188.308] lstrlenW (lpString="") returned 0
[0188.308] ITaskFolder:RegisterTask (in: This=0x4d3880, Path="Updates\\ObhZOLODRqR", XmlText="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ObhZOLODRqR.exe\n \n \n", flags=2, UserId=0xdcd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), password=0xdcd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=0, sddl=0xdcd84*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), ppTask=0xdcde0 | out: ppTask=0xdcde0*=0x4d38d0) returned 0x0
[0189.295] GetProcessHeap () returned 0x650000
[0189.295] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x14) returned 0x665238
[0189.295] _memicmp (_Buf1=0x6573f0, _Buf2=0x1312708, _Size=0x7) returned 0
[0189.296] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x65a798, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0189.296] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0189.296] GetProcessHeap () returned 0x650000
[0189.296] RtlAllocateHeap (HeapHandle=0x650000, Flags=0xc, Size=0x82) returned 0x6692b8
[0189.296] _vsnwprintf (in: _Buffer=0xdcdf8, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xdcd94 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\ObhZOLODRqR\" has successfully been created.\n") returned 81
[0189.296] __iob_func () returned 0x76b41208
[0189.296] _fileno (_File=0x76b41228) returned 1
[0189.296] _errno () returned 0x4d05b0
[0189.296] _get_osfhandle (_FileHandle=1) returned 0x3c
[0189.296] _errno () returned 0x4d05b0
[0189.296] GetFileType (hFile=0x3c) returned 0x2
[0189.296] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0189.296] GetFileType (hFile=0x3c) returned 0x2
[0189.296] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdcd68 | out: lpMode=0xdcd68) returned 1
[0189.368] __iob_func () returned 0x76b41208
[0189.368] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0189.368] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\ObhZOLODRqR\" has successfully been created.\n") returned 81
[0189.368] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdcdf8*, nNumberOfCharsToWrite=0x51, lpNumberOfCharsWritten=0xdcd8c, lpReserved=0x0 | out: lpBuffer=0xdcdf8*, lpNumberOfCharsWritten=0xdcd8c*=0x51) returned 1
[0189.457] IUnknown:Release (This=0x4d38d0) returned 0x0
[0189.457] TaskScheduler:IUnknown:Release (This=0x4d3880) returned 0x0
[0189.457] TaskScheduler:IUnknown:Release (This=0x4d3758) returned 0x0
[0189.458] lstrlenW (lpString="") returned 0
[0189.458] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp") returned 52
[0189.458] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA6AC.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53
[0189.458] GetProcessHeap () returned 0x650000
[0189.458] GetProcessHeap () returned 0x650000
[0189.458] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x65ada8) returned 1
[0189.458] GetProcessHeap () returned 0x650000
[0189.458] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x65ada8) returned 0x1fc
[0189.458] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x65ada8) returned 1
[0189.458] GetProcessHeap () returned 0x650000
[0189.458] GetProcessHeap () returned 0x650000
[0189.458] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656a58) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656a58) returned 0x6a
[0189.459] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656a58) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659528) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659528) returned 0x16
[0189.459] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659528) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x65a9e8) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x65a9e8) returned 0x10
[0189.459] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x65a9e8) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6595e8) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6595e8) returned 0x14
[0189.459] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6595e8) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x658ef0) returned 1
[0189.459] GetProcessHeap () returned 0x650000
[0189.459] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x658ef0) returned 0xa0
[0189.460] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x658ef0) returned 1
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6573c0) returned 1
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6573c0) returned 0x10
[0189.460] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6573c0) returned 1
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659508) returned 1
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659508) returned 0x14
[0189.460] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659508) returned 1
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6569e0) returned 1
[0189.460] GetProcessHeap () returned 0x650000
[0189.460] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6569e0) returned 0x6e
[0189.461] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6569e0) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x65aa48) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x65aa48) returned 0x10
[0189.461] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x65aa48) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659348) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659348) returned 0x14
[0189.461] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659348) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657480) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657480) returned 0xc
[0189.461] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657480) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657468) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657468) returned 0x10
[0189.461] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657468) returned 1
[0189.461] GetProcessHeap () returned 0x650000
[0189.461] GetProcessHeap () returned 0x650000
[0189.462] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659468) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659468) returned 0x14
[0189.462] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659468) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x658ce0) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x658ce0) returned 0x208
[0189.462] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x658ce0) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657360) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657360) returned 0x10
[0189.462] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657360) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6594a8) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6594a8) returned 0x14
[0189.462] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6594a8) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] GetProcessHeap () returned 0x650000
[0189.462] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x65a798) returned 1
[0189.462] GetProcessHeap () returned 0x650000
[0189.463] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x65a798) returned 0x200
[0189.463] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x65a798) returned 1
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6573f0) returned 1
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6573f0) returned 0x10
[0189.463] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6573f0) returned 1
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659408) returned 1
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659408) returned 0x14
[0189.463] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659408) returned 1
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] GetProcessHeap () returned 0x650000
[0189.463] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659448) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659448) returned 0x14
[0189.464] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659448) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657450) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657450) returned 0x10
[0189.464] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657450) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x652780) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x652780) returned 0x14
[0189.464] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x652780) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6594e8) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6594e8) returned 0x16
[0189.464] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6594e8) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657420) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657420) returned 0x10
[0189.464] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657420) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656618) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656618) returned 0x14
[0189.464] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656618) returned 1
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] GetProcessHeap () returned 0x650000
[0189.464] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x650598) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x650598) returned 0x2
[0189.465] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x650598) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656e48) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656e48) returned 0x14
[0189.465] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656e48) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656c10) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656c10) returned 0x14
[0189.465] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656c10) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656c30) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656c30) returned 0x14
[0189.465] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656c30) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656c50) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656c50) returned 0x14
[0189.465] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656c50) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6593e8) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6593e8) returned 0x14
[0189.465] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6593e8) returned 1
[0189.465] GetProcessHeap () returned 0x650000
[0189.465] GetProcessHeap () returned 0x650000
[0189.466] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6595a8) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6595a8) returned 0x14
[0189.466] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6595a8) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x652588) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x652588) returned 0x30
[0189.466] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x652588) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659368) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659368) returned 0x14
[0189.466] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659368) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x658f98) returned 1
[0189.466] GetProcessHeap () returned 0x650000
[0189.466] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x658f98) returned 0x30
[0189.467] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x658f98) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659548) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659548) returned 0x14
[0189.467] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659548) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6692b8) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6692b8) returned 0x82
[0189.467] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6692b8) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x665238) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x665238) returned 0x14
[0189.467] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x665238) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] GetProcessHeap () returned 0x650000
[0189.467] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657330) returned 1
[0189.467] GetProcessHeap () returned 0x650000
[0189.468] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657330) returned 0x10
[0189.468] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657330) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656840) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656840) returned 0x14
[0189.468] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656840) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656860) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656860) returned 0x14
[0189.468] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656860) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x656880) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x656880) returned 0x14
[0189.468] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x656880) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6565d8) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6565d8) returned 0x14
[0189.468] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6565d8) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657348) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657348) returned 0x10
[0189.468] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657348) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] GetProcessHeap () returned 0x650000
[0189.468] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6565f8) returned 1
[0189.468] GetProcessHeap () returned 0x650000
[0189.469] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6565f8) returned 0x14
[0189.469] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6565f8) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6527a0) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6527a0) returned 0x14
[0189.469] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6527a0) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6594c8) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6594c8) returned 0x14
[0189.469] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6594c8) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659328) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659328) returned 0x14
[0189.469] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659328) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6595c8) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6595c8) returned 0x14
[0189.469] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6595c8) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x659488) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x659488) returned 0x14
[0189.469] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x659488) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] GetProcessHeap () returned 0x650000
[0189.469] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657390) returned 1
[0189.469] GetProcessHeap () returned 0x650000
[0189.470] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657390) returned 0x10
[0189.470] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657390) returned 1
[0189.470] GetProcessHeap () returned 0x650000
[0189.470] GetProcessHeap () returned 0x650000
[0189.470] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x6527c0) returned 1
[0189.470] GetProcessHeap () returned 0x650000
[0189.470] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6527c0) returned 0x14
[0189.470] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x6527c0) returned 1
[0189.470] GetProcessHeap () returned 0x650000
[0189.470] GetProcessHeap () returned 0x650000
[0189.470] HeapValidate (hHeap=0x650000, dwFlags=0x0, lpMem=0x657318) returned 1
[0189.470] GetProcessHeap () returned 0x650000
[0189.470] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x657318) returned 0x10
[0189.470] RtlFreeHeap (HeapHandle=0x650000, Flags=0x0, BaseAddress=0x657318) returned 1
[0189.470] exit (_Code=0)
Thread:
id = 24
os_tid = 0x130c
Process:
id = "5"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x36345000"
os_pid = "0x3a8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0x1188"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 655
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 656
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 657
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 658
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 659
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 660
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 661
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 662
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 663
start_va = 0x7ff637930000
end_va = 0x7ff637940fff
monitored = 0
entry_point = 0x7ff6379316b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 664
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 665
start_va = 0x600000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 666
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 667
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 668
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 669
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 670
start_va = 0x90000
end_va = 0x14dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 671
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 674
start_va = 0x150000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 675
start_va = 0x190000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 676
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 677
start_va = 0x7ffa0abf0000
end_va = 0x7ffa0ac48fff
monitored = 0
entry_point = 0x7ffa0abffbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 678
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 679
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 680
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 681
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 682
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 683
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 684
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 685
start_va = 0x1a0000
end_va = 0x1a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 686
start_va = 0x7ffa13b70000
end_va = 0x7ffa13cb2fff
monitored = 0
entry_point = 0x7ffa13b98210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 687
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 688
start_va = 0x7ffa141e0000
end_va = 0x7ffa1421afff
monitored = 0
entry_point = 0x7ffa141e12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 689
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 690
start_va = 0x7ffa11220000
end_va = 0x7ffa113a5fff
monitored = 0
entry_point = 0x7ffa1126d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 693
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 694
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 695
start_va = 0x780000
end_va = 0x907fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 696
start_va = 0x910000
end_va = 0xa90fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000910000"
filename = ""
Region:
id = 697
start_va = 0xaa0000
end_va = 0x1e9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000aa0000"
filename = ""
Region:
id = 698
start_va = 0x1ea0000
end_va = 0x1f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 702
start_va = 0x600000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 703
start_va = 0x680000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 704
start_va = 0x7ffa15210000
end_va = 0x7ffa1676efff
monitored = 0
entry_point = 0x7ffa153711f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 705
start_va = 0x7ffa13390000
end_va = 0x7ffa133d2fff
monitored = 0
entry_point = 0x7ffa133a4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 706
start_va = 0x7ffa13520000
end_va = 0x7ffa13b63fff
monitored = 0
entry_point = 0x7ffa136e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 707
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 708
start_va = 0x7ffa14ba0000
end_va = 0x7ffa14bf1fff
monitored = 0
entry_point = 0x7ffa14baf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 709
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 710
start_va = 0x7ffa12e80000
end_va = 0x7ffa12f34fff
monitored = 0
entry_point = 0x7ffa12ec22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 711
start_va = 0x7ffa12dc0000
end_va = 0x7ffa12e0afff
monitored = 0
entry_point = 0x7ffa12dc35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 712
start_va = 0x7ffa12d90000
end_va = 0x7ffa12da3fff
monitored = 0
entry_point = 0x7ffa12d952e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 715
start_va = 0x7ffa11710000
end_va = 0x7ffa117a5fff
monitored = 0
entry_point = 0x7ffa11735570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 716
start_va = 0x1ea0000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 717
start_va = 0x1f20000
end_va = 0x1f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f20000"
filename = ""
Region:
id = 718
start_va = 0x1f30000
end_va = 0x2266fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 719
start_va = 0x2270000
end_va = 0x2482fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002270000"
filename = ""
Region:
id = 720
start_va = 0x2490000
end_va = 0x26acfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 721
start_va = 0x26b0000
end_va = 0x27befff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 722
start_va = 0x27c0000
end_va = 0x29dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 723
start_va = 0x29e0000
end_va = 0x2aeefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 730
start_va = 0x640000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 731
start_va = 0x7ffa14a40000
end_va = 0x7ffa14b99fff
monitored = 0
entry_point = 0x7ffa14a838e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 732
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 733
start_va = 0x2af0000
end_va = 0x2babfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002af0000"
filename = ""
Region:
id = 734
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 735
start_va = 0x7ffa10610000
end_va = 0x7ffa10631fff
monitored = 0
entry_point = 0x7ffa10611a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 741
start_va = 0x7ffa11410000
end_va = 0x7ffa11422fff
monitored = 0
entry_point = 0x7ffa11412760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 742
start_va = 0x7ffa12ba0000
end_va = 0x7ffa12bf5fff
monitored = 0
entry_point = 0x7ffa12bb0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 749
start_va = 0x60000
end_va = 0x66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 750
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 751
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 752
start_va = 0x1d0000
end_va = 0x1d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 753
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 754
start_va = 0x1ea0000
end_va = 0x1ea1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ea0000"
filename = ""
Region:
id = 755
start_va = 0x1ef0000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ef0000"
filename = ""
Region:
id = 756
start_va = 0x7ffa080f0000
end_va = 0x7ffa08363fff
monitored = 0
entry_point = 0x7ffa08160400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 765
start_va = 0x1eb0000
end_va = 0x1eb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 766
start_va = 0x1ec0000
end_va = 0x1ec1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ec0000"
filename = ""
Thread:
id = 19
os_tid = 0x12c0
Thread:
id = 20
os_tid = 0x12b8
Thread:
id = 21
os_tid = 0x12b4
Thread:
id = 23
os_tid = 0x1280
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75956000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "4"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 845
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 846
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 847
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 848
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 849
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 850
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 851
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 852
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 853
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 854
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 855
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 856
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 857
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 858
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 859
start_va = 0x410000
end_va = 0x410fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 860
start_va = 0x420000
end_va = 0x426fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 861
start_va = 0x430000
end_va = 0x440fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1256.nls"
filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls")
Region:
id = 862
start_va = 0x450000
end_va = 0x451fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 863
start_va = 0x460000
end_va = 0x464fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 864
start_va = 0x470000
end_va = 0x476fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 865
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 866
start_va = 0x540000
end_va = 0x546fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 867
start_va = 0x550000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 868
start_va = 0x5d0000
end_va = 0x5d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 869
start_va = 0x5e0000
end_va = 0x5effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 870
start_va = 0x5f0000
end_va = 0x5f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 871
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 872
start_va = 0x700000
end_va = 0x887fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 873
start_va = 0x890000
end_va = 0x890fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 874
start_va = 0x8a0000
end_va = 0x8a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008a0000"
filename = ""
Region:
id = 875
start_va = 0x8b0000
end_va = 0x8bcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 876
start_va = 0x8c0000
end_va = 0x8c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 877
start_va = 0x8d0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mswsock.dll.mui"
filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui")
Region:
id = 878
start_va = 0x8e0000
end_va = 0x8e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 879
start_va = 0x8f0000
end_va = 0x8f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 880
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 881
start_va = 0xa00000
end_va = 0xb80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 882
start_va = 0xb90000
end_va = 0xc8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 883
start_va = 0xc90000
end_va = 0xc93fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 884
start_va = 0xca0000
end_va = 0xcb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 885
start_va = 0xcc0000
end_va = 0xcc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cc0000"
filename = ""
Region:
id = 886
start_va = 0xcd0000
end_va = 0xd14fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 887
start_va = 0xd20000
end_va = 0xd2cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 888
start_va = 0xd30000
end_va = 0xd36fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d30000"
filename = ""
Region:
id = 889
start_va = 0xdc0000
end_va = 0xdc8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 890
start_va = 0xdd0000
end_va = 0xdd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 891
start_va = 0xde0000
end_va = 0xde1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "activeds.dll.mui"
filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")
Region:
id = 892
start_va = 0xe00000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 893
start_va = 0xf00000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 894
start_va = 0x1000000
end_va = 0x1336fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 895
start_va = 0x1340000
end_va = 0x143ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 896
start_va = 0x1440000
end_va = 0x153ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001440000"
filename = ""
Region:
id = 897
start_va = 0x1540000
end_va = 0x15bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001540000"
filename = ""
Region:
id = 898
start_va = 0x15c0000
end_va = 0x15c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000015c0000"
filename = ""
Region:
id = 899
start_va = 0x15d0000
end_va = 0x15d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "crypt32.dll.mui"
filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui")
Region:
id = 900
start_va = 0x15e0000
end_va = 0x15f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1251.nls"
filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")
Region:
id = 901
start_va = 0x1600000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 902
start_va = 0x1700000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001700000"
filename = ""
Region:
id = 903
start_va = 0x1800000
end_va = 0x18dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 904
start_va = 0x18e0000
end_va = 0x18f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1254.nls"
filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls")
Region:
id = 905
start_va = 0x1900000
end_va = 0x19fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 906
start_va = 0x1a00000
end_va = 0x1a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 907
start_va = 0x1a80000
end_va = 0x1b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a80000"
filename = ""
Region:
id = 908
start_va = 0x1b80000
end_va = 0x1c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b80000"
filename = ""
Region:
id = 909
start_va = 0x1c80000
end_va = 0x1d7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001c80000"
filename = ""
Region:
id = 910
start_va = 0x1d80000
end_va = 0x1e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d80000"
filename = ""
Region:
id = 911
start_va = 0x1e80000
end_va = 0x1f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e80000"
filename = ""
Region:
id = 912
start_va = 0x1f80000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f80000"
filename = ""
Region:
id = 913
start_va = 0x2080000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 914
start_va = 0x2180000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 915
start_va = 0x2280000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 916
start_va = 0x2380000
end_va = 0x247ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 917
start_va = 0x2480000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 918
start_va = 0x2500000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 919
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 920
start_va = 0x2700000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 921
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 922
start_va = 0x2900000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 923
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 924
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 925
start_va = 0x2c00000
end_va = 0x2c8dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 926
start_va = 0x2c90000
end_va = 0x2d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c90000"
filename = ""
Region:
id = 927
start_va = 0x2d10000
end_va = 0x2e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d10000"
filename = ""
Region:
id = 928
start_va = 0x2e10000
end_va = 0x2f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e10000"
filename = ""
Region:
id = 929
start_va = 0x2f10000
end_va = 0x300ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f10000"
filename = ""
Region:
id = 930
start_va = 0x3010000
end_va = 0x310ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003010000"
filename = ""
Region:
id = 931
start_va = 0x3110000
end_va = 0x318ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003110000"
filename = ""
Region:
id = 932
start_va = 0x3190000
end_va = 0x328ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003190000"
filename = ""
Region:
id = 933
start_va = 0x3290000
end_va = 0x330ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003290000"
filename = ""
Region:
id = 934
start_va = 0x3310000
end_va = 0x3320fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1250.nls"
filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls")
Region:
id = 935
start_va = 0x3330000
end_va = 0x3340fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1253.nls"
filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls")
Region:
id = 936
start_va = 0x3350000
end_va = 0x3360fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1257.nls"
filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls")
Region:
id = 937
start_va = 0x3370000
end_va = 0x3380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 938
start_va = 0x3390000
end_va = 0x3396fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003390000"
filename = ""
Region:
id = 939
start_va = 0x34a0000
end_va = 0x34c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_932.nls"
filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls")
Region:
id = 940
start_va = 0x34d0000
end_va = 0x3500fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_949.nls"
filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls")
Region:
id = 941
start_va = 0x3510000
end_va = 0x3520fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_874.nls"
filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls")
Region:
id = 942
start_va = 0x3530000
end_va = 0x3540fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1258.nls"
filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls")
Region:
id = 943
start_va = 0x3550000
end_va = 0x3550fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003550000"
filename = ""
Region:
id = 944
start_va = 0x3570000
end_va = 0x35effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003570000"
filename = ""
Region:
id = 945
start_va = 0x35f0000
end_va = 0x3620fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_936.nls"
filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls")
Region:
id = 946
start_va = 0x3630000
end_va = 0x3660fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_950.nls"
filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls")
Region:
id = 947
start_va = 0x3670000
end_va = 0x376ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003670000"
filename = ""
Region:
id = 948
start_va = 0x3770000
end_va = 0x386ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003770000"
filename = ""
Region:
id = 949
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 950
start_va = 0x38f0000
end_va = 0x38f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usocore.dll.mui"
filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")
Region:
id = 951
start_va = 0x3900000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 952
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 953
start_va = 0x3b00000
end_va = 0x3bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b00000"
filename = ""
Region:
id = 954
start_va = 0x3c00000
end_va = 0x3c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 955
start_va = 0x3c80000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 956
start_va = 0x3d00000
end_va = 0x3d01fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003d00000"
filename = ""
Region:
id = 957
start_va = 0x3d80000
end_va = 0x3dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d80000"
filename = ""
Region:
id = 958
start_va = 0x3e00000
end_va = 0x3e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e00000"
filename = ""
Region:
id = 959
start_va = 0x3e80000
end_va = 0x3efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e80000"
filename = ""
Region:
id = 960
start_va = 0x3f00000
end_va = 0x3ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Region:
id = 961
start_va = 0x4000000
end_va = 0x40fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004000000"
filename = ""
Region:
id = 962
start_va = 0x4100000
end_va = 0x41fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004100000"
filename = ""
Region:
id = 963
start_va = 0x4200000
end_va = 0x42fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004200000"
filename = ""
Region:
id = 964
start_va = 0x4300000
end_va = 0x43fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004300000"
filename = ""
Region:
id = 965
start_va = 0x4400000
end_va = 0x44fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004400000"
filename = ""
Region:
id = 966
start_va = 0x4500000
end_va = 0x45fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004500000"
filename = ""
Region:
id = 967
start_va = 0x4600000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004600000"
filename = ""
Region:
id = 968
start_va = 0x4700000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 969
start_va = 0x49b0000
end_va = 0x49b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049b0000"
filename = ""
Region:
id = 970
start_va = 0x49c0000
end_va = 0x4abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049c0000"
filename = ""
Region:
id = 971
start_va = 0x4b00000
end_va = 0x4bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b00000"
filename = ""
Region:
id = 972
start_va = 0x4c00000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c00000"
filename = ""
Region:
id = 973
start_va = 0x4d00000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 974
start_va = 0x4e20000
end_va = 0x4f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 975
start_va = 0x5100000
end_va = 0x51fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005100000"
filename = ""
Region:
id = 976
start_va = 0x5500000
end_va = 0x55fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005500000"
filename = ""
Region:
id = 977
start_va = 0x5600000
end_va = 0x56fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005600000"
filename = ""
Region:
id = 978
start_va = 0x5700000
end_va = 0x57fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005700000"
filename = ""
Region:
id = 979
start_va = 0x5800000
end_va = 0x58fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005800000"
filename = ""
Region:
id = 980
start_va = 0x5900000
end_va = 0x59fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005900000"
filename = ""
Region:
id = 981
start_va = 0x5a00000
end_va = 0x5afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a00000"
filename = ""
Region:
id = 982
start_va = 0x5b00000
end_va = 0x5bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b00000"
filename = ""
Region:
id = 983
start_va = 0x5c00000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005c00000"
filename = ""
Region:
id = 984
start_va = 0x5d00000
end_va = 0x5dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d00000"
filename = ""
Region:
id = 985
start_va = 0x5e00000
end_va = 0x5efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e00000"
filename = ""
Region:
id = 986
start_va = 0x5f00000
end_va = 0x5ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005f00000"
filename = ""
Region:
id = 987
start_va = 0x6000000
end_va = 0x60fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006000000"
filename = ""
Region:
id = 988
start_va = 0x6100000
end_va = 0x61fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006100000"
filename = ""
Region:
id = 989
start_va = 0x6200000
end_va = 0x62fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006200000"
filename = ""
Region:
id = 990
start_va = 0x6300000
end_va = 0x63fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006300000"
filename = ""
Region:
id = 991
start_va = 0x6400000
end_va = 0x64fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006400000"
filename = ""
Region:
id = 992
start_va = 0x6500000
end_va = 0x65fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006500000"
filename = ""
Region:
id = 993
start_va = 0x6600000
end_va = 0x66fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006600000"
filename = ""
Region:
id = 994
start_va = 0x6700000
end_va = 0x67fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006700000"
filename = ""
Region:
id = 995
start_va = 0x6800000
end_va = 0x68fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006800000"
filename = ""
Region:
id = 996
start_va = 0x6900000
end_va = 0x69fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006900000"
filename = ""
Region:
id = 997
start_va = 0x6a00000
end_va = 0x6afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006a00000"
filename = ""
Region:
id = 998
start_va = 0x6b00000
end_va = 0x6bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006b00000"
filename = ""
Region:
id = 999
start_va = 0x6c00000
end_va = 0x6cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006c00000"
filename = ""
Region:
id = 1000
start_va = 0x6d00000
end_va = 0x6dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d00000"
filename = ""
Region:
id = 1001
start_va = 0x6e00000
end_va = 0x6efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006e00000"
filename = ""
Region:
id = 1002
start_va = 0x7000000
end_va = 0x70fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007000000"
filename = ""
Region:
id = 1003
start_va = 0x7100000
end_va = 0x71fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007100000"
filename = ""
Region:
id = 1004
start_va = 0x7200000
end_va = 0x72fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007200000"
filename = ""
Region:
id = 1005
start_va = 0x7300000
end_va = 0x73fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007300000"
filename = ""
Region:
id = 1006
start_va = 0x7b00000
end_va = 0x7bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b00000"
filename = ""
Region:
id = 1007
start_va = 0x7c00000
end_va = 0x7cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c00000"
filename = ""
Region:
id = 1008
start_va = 0x7e00000
end_va = 0x7efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e00000"
filename = ""
Region:
id = 1009
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1010
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1011
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1012
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1013
start_va = 0x7ff681250000
end_va = 0x7ff68125cfff
monitored = 0
entry_point = 0x7ff681253980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1014
start_va = 0x7ff9fc130000
end_va = 0x7ff9fc204fff
monitored = 0
entry_point = 0x7ff9fc14cf80
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 1015
start_va = 0x7ff9fc260000
end_va = 0x7ff9fc2a3fff
monitored = 0
entry_point = 0x7ff9fc2883e0
region_type = mapped_file
name = "updatehandlers.dll"
filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")
Region:
id = 1016
start_va = 0x7ff9fc2b0000
end_va = 0x7ff9fc30cfff
monitored = 0
entry_point = 0x7ff9fc2de510
region_type = mapped_file
name = "usocore.dll"
filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")
Region:
id = 1017
start_va = 0x7ff9fc480000
end_va = 0x7ff9fc4b1fff
monitored = 0
entry_point = 0x7ff9fc48b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 1018
start_va = 0x7ff9fc4c0000
end_va = 0x7ff9fc76ffff
monitored = 0
entry_point = 0x7ff9fc4c1cf0
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 1019
start_va = 0x7ff9fdf30000
end_va = 0x7ff9fdfaffff
monitored = 0
entry_point = 0x7ff9fdf5d280
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1020
start_va = 0x7ff9fdfb0000
end_va = 0x7ff9fdfeefff
monitored = 0
entry_point = 0x7ff9fdfd82d0
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 1021
start_va = 0x7ff9fe250000
end_va = 0x7ff9fe285fff
monitored = 0
entry_point = 0x7ff9fe2527f0
region_type = mapped_file
name = "windows.networking.hostname.dll"
filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")
Region:
id = 1022
start_va = 0x7ff9fe2e0000
end_va = 0x7ff9fe2f0fff
monitored = 0
entry_point = 0x7ff9fe2e28d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 1023
start_va = 0x7ff9fe300000
end_va = 0x7ff9fe366fff
monitored = 0
entry_point = 0x7ff9fe30b160
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 1024
start_va = 0x7ff9fe390000
end_va = 0x7ff9fe3a1fff
monitored = 0
entry_point = 0x7ff9fe391a80
region_type = mapped_file
name = "bitsproxy.dll"
filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")
Region:
id = 1025
start_va = 0x7ff9fe3b0000
end_va = 0x7ff9fe3b7fff
monitored = 0
entry_point = 0x7ff9fe3b13b0
region_type = mapped_file
name = "dmiso8601utils.dll"
filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")
Region:
id = 1026
start_va = 0x7ff9fe3c0000
end_va = 0x7ff9fe3d6fff
monitored = 0
entry_point = 0x7ff9fe3c7520
region_type = mapped_file
name = "usoapi.dll"
filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")
Region:
id = 1027
start_va = 0x7ff9fe4a0000
end_va = 0x7ff9fe4c1fff
monitored = 0
entry_point = 0x7ff9fe4b2540
region_type = mapped_file
name = "updatepolicy.dll"
filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")
Region:
id = 1028
start_va = 0x7ff9ffaa0000
end_va = 0x7ff9ffabcfff
monitored = 0
entry_point = 0x7ff9ffaa4f60
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 1029
start_va = 0x7ff9ffc30000
end_va = 0x7ff9ffd3efff
monitored = 0
entry_point = 0x7ff9ffc6c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1030
start_va = 0x7ff9ffd40000
end_va = 0x7ff9ffd53fff
monitored = 0
entry_point = 0x7ff9ffd42a00
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1031
start_va = 0x7ffa00360000
end_va = 0x7ffa0047cfff
monitored = 0
entry_point = 0x7ffa0038fe60
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 1032
start_va = 0x7ffa01690000
end_va = 0x7ffa016a3fff
monitored = 0
entry_point = 0x7ffa01693710
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 1033
start_va = 0x7ffa01740000
end_va = 0x7ffa0175dfff
monitored = 0
entry_point = 0x7ffa0174ef80
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 1034
start_va = 0x7ffa04070000
end_va = 0x7ffa04087fff
monitored = 0
entry_point = 0x7ffa0407b850
region_type = mapped_file
name = "dmcmnutils.dll"
filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")
Region:
id = 1035
start_va = 0x7ffa069a0000
end_va = 0x7ffa069b5fff
monitored = 0
entry_point = 0x7ffa069a1d50
region_type = mapped_file
name = "wwapi.dll"
filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")
Region:
id = 1036
start_va = 0x7ffa07a20000
end_va = 0x7ffa07a30fff
monitored = 0
entry_point = 0x7ffa07a27480
region_type = mapped_file
name = "tetheringclient.dll"
filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")
Region:
id = 1037
start_va = 0x7ffa07a40000
end_va = 0x7ffa07ac3fff
monitored = 0
entry_point = 0x7ffa07a58d50
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 1038
start_va = 0x7ffa07ad0000
end_va = 0x7ffa07ae5fff
monitored = 0
entry_point = 0x7ffa07ad55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1039
start_va = 0x7ffa07af0000
end_va = 0x7ffa07bc5fff
monitored = 0
entry_point = 0x7ffa07b1a800
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 1040
start_va = 0x7ffa07c20000
end_va = 0x7ffa07c83fff
monitored = 0
entry_point = 0x7ffa07c3bed0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 1041
start_va = 0x7ffa07c90000
end_va = 0x7ffa07cb4fff
monitored = 0
entry_point = 0x7ffa07c99900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1042
start_va = 0x7ffa07cc0000
end_va = 0x7ffa07cd3fff
monitored = 0
entry_point = 0x7ffa07cc1800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1043
start_va = 0x7ffa07ce0000
end_va = 0x7ffa07dd5fff
monitored = 0
entry_point = 0x7ffa07d19590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1044
start_va = 0x7ffa07de0000
end_va = 0x7ffa07e53fff
monitored = 0
entry_point = 0x7ffa07df5eb0
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 1045
start_va = 0x7ffa07e60000
end_va = 0x7ffa07f96fff
monitored = 0
entry_point = 0x7ffa07ea0480
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 1046
start_va = 0x7ffa08390000
end_va = 0x7ffa083a0fff
monitored = 0
entry_point = 0x7ffa08392fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1047
start_va = 0x7ffa083b0000
end_va = 0x7ffa083cdfff
monitored = 0
entry_point = 0x7ffa083b3a40
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1048
start_va = 0x7ffa083d0000
end_va = 0x7ffa08451fff
monitored = 0
entry_point = 0x7ffa083d2a10
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 1049
start_va = 0x7ffa08460000
end_va = 0x7ffa08475fff
monitored = 0
entry_point = 0x7ffa08461af0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 1050
start_va = 0x7ffa08480000
end_va = 0x7ffa08499fff
monitored = 0
entry_point = 0x7ffa08482330
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 1051
start_va = 0x7ffa088d0000
end_va = 0x7ffa08915fff
monitored = 0
entry_point = 0x7ffa088d79a0
region_type = mapped_file
name = "adsldp.dll"
filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")
Region:
id = 1052
start_va = 0x7ffa08940000
end_va = 0x7ffa0894efff
monitored = 0
entry_point = 0x7ffa08944960
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 1053
start_va = 0x7ffa08a00000
end_va = 0x7ffa08a0bfff
monitored = 0
entry_point = 0x7ffa08a035c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1054
start_va = 0x7ffa08a10000
end_va = 0x7ffa08a4ffff
monitored = 0
entry_point = 0x7ffa08a1cbe0
region_type = mapped_file
name = "adsldpc.dll"
filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")
Region:
id = 1055
start_va = 0x7ffa08a50000
end_va = 0x7ffa08a96fff
monitored = 0
entry_point = 0x7ffa08a51d10
region_type = mapped_file
name = "activeds.dll"
filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")
Region:
id = 1056
start_va = 0x7ffa08ae0000
end_va = 0x7ffa08b21fff
monitored = 0
entry_point = 0x7ffa08ae3670
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 1057
start_va = 0x7ffa08e00000
end_va = 0x7ffa08e1efff
monitored = 0
entry_point = 0x7ffa08e037e0
region_type = mapped_file
name = "netsetupapi.dll"
filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")
Region:
id = 1058
start_va = 0x7ffa08e20000
end_va = 0x7ffa08e98fff
monitored = 0
entry_point = 0x7ffa08e276a0
region_type = mapped_file
name = "netsetupshim.dll"
filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")
Region:
id = 1059
start_va = 0x7ffa08eb0000
end_va = 0x7ffa08eeffff
monitored = 0
entry_point = 0x7ffa08ec6c60
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1060
start_va = 0x7ffa08f10000
end_va = 0x7ffa08f27fff
monitored = 0
entry_point = 0x7ffa08f14e10
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Region:
id = 1061
start_va = 0x7ffa08f30000
end_va = 0x7ffa08f54fff
monitored = 0
entry_point = 0x7ffa08f35ca0
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 1062
start_va = 0x7ffa08f60000
end_va = 0x7ffa090e1fff
monitored = 0
entry_point = 0x7ffa08f782a0
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 1063
start_va = 0x7ffa090f0000
end_va = 0x7ffa09192fff
monitored = 0
entry_point = 0x7ffa090f2c10
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1064
start_va = 0x7ffa091a0000
end_va = 0x7ffa091f1fff
monitored = 0
entry_point = 0x7ffa091a5770
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1065
start_va = 0x7ffa09200000
end_va = 0x7ffa0922dfff
monitored = 1
entry_point = 0x7ffa09202300
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 1066
start_va = 0x7ffa09230000
end_va = 0x7ffa0928dfff
monitored = 0
entry_point = 0x7ffa09235080
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 1067
start_va = 0x7ffa09290000
end_va = 0x7ffa092affff
monitored = 0
entry_point = 0x7ffa09291f50
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 1068
start_va = 0x7ffa092b0000
end_va = 0x7ffa092b8fff
monitored = 0
entry_point = 0x7ffa092b18f0
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 1069
start_va = 0x7ffa092c0000
end_va = 0x7ffa092d0fff
monitored = 0
entry_point = 0x7ffa092c1d30
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 1070
start_va = 0x7ffa09330000
end_va = 0x7ffa09347fff
monitored = 0
entry_point = 0x7ffa09332000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 1071
start_va = 0x7ffa09350000
end_va = 0x7ffa09390fff
monitored = 0
entry_point = 0x7ffa09353750
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 1072
start_va = 0x7ffa09430000
end_va = 0x7ffa0947bfff
monitored = 0
entry_point = 0x7ffa09445310
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1073
start_va = 0x7ffa09490000
end_va = 0x7ffa0950efff
monitored = 0
entry_point = 0x7ffa094a7110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1074
start_va = 0x7ffa09510000
end_va = 0x7ffa0954bfff
monitored = 0
entry_point = 0x7ffa09516aa0
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1075
start_va = 0x7ffa09c80000
end_va = 0x7ffa09c88fff
monitored = 0
entry_point = 0x7ffa09c821d0
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 1076
start_va = 0x7ffa09c90000
end_va = 0x7ffa09cc4fff
monitored = 0
entry_point = 0x7ffa09c9a270
region_type = mapped_file
name = "fwpolicyiomgr.dll"
filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")
Region:
id = 1077
start_va = 0x7ffa0a560000
end_va = 0x7ffa0a652fff
monitored = 0
entry_point = 0x7ffa0a585d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1078
start_va = 0x7ffa0ac50000
end_va = 0x7ffa0ac59fff
monitored = 0
entry_point = 0x7ffa0ac514c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1079
start_va = 0x7ffa0afc0000
end_va = 0x7ffa0afd1fff
monitored = 0
entry_point = 0x7ffa0afc3580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1080
start_va = 0x7ffa0b050000
end_va = 0x7ffa0b06afff
monitored = 0
entry_point = 0x7ffa0b051040
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1081
start_va = 0x7ffa0b300000
end_va = 0x7ffa0b314fff
monitored = 0
entry_point = 0x7ffa0b302dc0
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 1082
start_va = 0x7ffa0b320000
end_va = 0x7ffa0b32dfff
monitored = 0
entry_point = 0x7ffa0b321460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1083
start_va = 0x7ffa0b330000
end_va = 0x7ffa0b33bfff
monitored = 0
entry_point = 0x7ffa0b332830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1084
start_va = 0x7ffa0b340000
end_va = 0x7ffa0b34ffff
monitored = 0
entry_point = 0x7ffa0b341700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 1085
start_va = 0x7ffa0b350000
end_va = 0x7ffa0b358fff
monitored = 0
entry_point = 0x7ffa0b351ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 1086
start_va = 0x7ffa0b360000
end_va = 0x7ffa0b38cfff
monitored = 0
entry_point = 0x7ffa0b362290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 1087
start_va = 0x7ffa0b390000
end_va = 0x7ffa0b3e1fff
monitored = 0
entry_point = 0x7ffa0b3938e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 1088
start_va = 0x7ffa0b4a0000
end_va = 0x7ffa0b4b4fff
monitored = 0
entry_point = 0x7ffa0b4a3460
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1089
start_va = 0x7ffa0b4c0000
end_va = 0x7ffa0b559fff
monitored = 0
entry_point = 0x7ffa0b4dada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1090
start_va = 0x7ffa0b640000
end_va = 0x7ffa0b6a6fff
monitored = 0
entry_point = 0x7ffa0b6463e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1091
start_va = 0x7ffa0b7a0000
end_va = 0x7ffa0b7aafff
monitored = 0
entry_point = 0x7ffa0b7a1d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1092
start_va = 0x7ffa0b800000
end_va = 0x7ffa0b8bffff
monitored = 0
entry_point = 0x7ffa0b82fd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1093
start_va = 0x7ffa0b9f0000
end_va = 0x7ffa0ba09fff
monitored = 0
entry_point = 0x7ffa0b9f2430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1094
start_va = 0x7ffa0ba10000
end_va = 0x7ffa0ba25fff
monitored = 0
entry_point = 0x7ffa0ba119f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1095
start_va = 0x7ffa0baf0000
end_va = 0x7ffa0bb27fff
monitored = 0
entry_point = 0x7ffa0bb08cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1096
start_va = 0x7ffa0bbe0000
end_va = 0x7ffa0bc8dfff
monitored = 0
entry_point = 0x7ffa0bbf80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1097
start_va = 0x7ffa0bc90000
end_va = 0x7ffa0bca1fff
monitored = 0
entry_point = 0x7ffa0bc99260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1098
start_va = 0x7ffa0bcb0000
end_va = 0x7ffa0bd60fff
monitored = 0
entry_point = 0x7ffa0bd288b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1099
start_va = 0x7ffa0bd70000
end_va = 0x7ffa0bd83fff
monitored = 0
entry_point = 0x7ffa0bd72d50
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1100
start_va = 0x7ffa0c070000
end_va = 0x7ffa0c102fff
monitored = 0
entry_point = 0x7ffa0c079680
region_type = mapped_file
name = "msvcp_win.dll"
filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")
Region:
id = 1101
start_va = 0x7ffa0c2b0000
end_va = 0x7ffa0c2d4fff
monitored = 0
entry_point = 0x7ffa0c2c2f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1102
start_va = 0x7ffa0c2e0000
end_va = 0x7ffa0c2f0fff
monitored = 0
entry_point = 0x7ffa0c2e7ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1103
start_va = 0x7ffa0c300000
end_va = 0x7ffa0c318fff
monitored = 0
entry_point = 0x7ffa0c304520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1104
start_va = 0x7ffa0ca80000
end_va = 0x7ffa0ca99fff
monitored = 0
entry_point = 0x7ffa0ca82cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1105
start_va = 0x7ffa0ce40000
end_va = 0x7ffa0d1c1fff
monitored = 0
entry_point = 0x7ffa0ce91220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1106
start_va = 0x7ffa0e2c0000
end_va = 0x7ffa0e3cdfff
monitored = 0
entry_point = 0x7ffa0e30eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 1107
start_va = 0x7ffa0e6d0000
end_va = 0x7ffa0e724fff
monitored = 0
entry_point = 0x7ffa0e6d3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1108
start_va = 0x7ffa0e730000
end_va = 0x7ffa0e766fff
monitored = 0
entry_point = 0x7ffa0e736020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1109
start_va = 0x7ffa0e770000
end_va = 0x7ffa0e78ffff
monitored = 0
entry_point = 0x7ffa0e7739a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1110
start_va = 0x7ffa0e790000
end_va = 0x7ffa0e7a6fff
monitored = 0
entry_point = 0x7ffa0e795630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1111
start_va = 0x7ffa0e7b0000
end_va = 0x7ffa0e7c2fff
monitored = 0
entry_point = 0x7ffa0e7b57f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1112
start_va = 0x7ffa0e7d0000
end_va = 0x7ffa0e849fff
monitored = 0
entry_point = 0x7ffa0e7f7630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1113
start_va = 0x7ffa0e850000
end_va = 0x7ffa0e87dfff
monitored = 0
entry_point = 0x7ffa0e857550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1114
start_va = 0x7ffa0e880000
end_va = 0x7ffa0e895fff
monitored = 0
entry_point = 0x7ffa0e881b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1115
start_va = 0x7ffa0e8a0000
end_va = 0x7ffa0e903fff
monitored = 0
entry_point = 0x7ffa0e8b5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1116
start_va = 0x7ffa0ead0000
end_va = 0x7ffa0eb10fff
monitored = 0
entry_point = 0x7ffa0ead4840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1117
start_va = 0x7ffa0eb20000
end_va = 0x7ffa0eb2bfff
monitored = 0
entry_point = 0x7ffa0eb214d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1118
start_va = 0x7ffa0eb30000
end_va = 0x7ffa0ec65fff
monitored = 0
entry_point = 0x7ffa0eb5f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1119
start_va = 0x7ffa0ec70000
end_va = 0x7ffa0ed55fff
monitored = 0
entry_point = 0x7ffa0ec8cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1120
start_va = 0x7ffa0ed60000
end_va = 0x7ffa0ee27fff
monitored = 0
entry_point = 0x7ffa0eda13f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1121
start_va = 0x7ffa0ee30000
end_va = 0x7ffa0ee90fff
monitored = 0
entry_point = 0x7ffa0ee34b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1122
start_va = 0x7ffa0eea0000
end_va = 0x7ffa0f01bfff
monitored = 0
entry_point = 0x7ffa0eef1650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1123
start_va = 0x7ffa0f020000
end_va = 0x7ffa0f02afff
monitored = 0
entry_point = 0x7ffa0f021770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1124
start_va = 0x7ffa0f030000
end_va = 0x7ffa0f06dfff
monitored = 0
entry_point = 0x7ffa0f03a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1125
start_va = 0x7ffa0f070000
end_va = 0x7ffa0f096fff
monitored = 0
entry_point = 0x7ffa0f073bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1126
start_va = 0x7ffa0f0a0000
end_va = 0x7ffa0f0e9fff
monitored = 0
entry_point = 0x7ffa0f0aac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 1127
start_va = 0x7ffa0f0f0000
end_va = 0x7ffa0f144fff
monitored = 0
entry_point = 0x7ffa0f0ffc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1128
start_va = 0x7ffa0f190000
end_va = 0x7ffa0f221fff
monitored = 0
entry_point = 0x7ffa0f1da780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1129
start_va = 0x7ffa0f2b0000
end_va = 0x7ffa0f2bcfff
monitored = 0
entry_point = 0x7ffa0f2b1420
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1130
start_va = 0x7ffa0f2d0000
end_va = 0x7ffa0f2dffff
monitored = 0
entry_point = 0x7ffa0f2d2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1131
start_va = 0x7ffa0f2e0000
end_va = 0x7ffa0f2ecfff
monitored = 0
entry_point = 0x7ffa0f2e2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1132
start_va = 0x7ffa0f2f0000
end_va = 0x7ffa0f31efff
monitored = 0
entry_point = 0x7ffa0f2f8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1133
start_va = 0x7ffa0f320000
end_va = 0x7ffa0f33efff
monitored = 0
entry_point = 0x7ffa0f324960
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1134
start_va = 0x7ffa0f370000
end_va = 0x7ffa0f3ddfff
monitored = 0
entry_point = 0x7ffa0f377f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1135
start_va = 0x7ffa0f3e0000
end_va = 0x7ffa0f3f0fff
monitored = 0
entry_point = 0x7ffa0f3e3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1136
start_va = 0x7ffa0f430000
end_va = 0x7ffa0f465fff
monitored = 0
entry_point = 0x7ffa0f440070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1137
start_va = 0x7ffa0fc30000
end_va = 0x7ffa0fc70fff
monitored = 0
entry_point = 0x7ffa0fc47eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1138
start_va = 0x7ffa0fc80000
end_va = 0x7ffa0fd7bfff
monitored = 0
entry_point = 0x7ffa0fcb6df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1139
start_va = 0x7ffa0fe10000
end_va = 0x7ffa0fecefff
monitored = 0
entry_point = 0x7ffa0fe31c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1140
start_va = 0x7ffa0ff20000
end_va = 0x7ffa0ff29fff
monitored = 0
entry_point = 0x7ffa0ff21660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1141
start_va = 0x7ffa0ff30000
end_va = 0x7ffa0ff47fff
monitored = 0
entry_point = 0x7ffa0ff35910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1142
start_va = 0x7ffa0ff50000
end_va = 0x7ffa1009cfff
monitored = 0
entry_point = 0x7ffa0ff93da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1143
start_va = 0x7ffa10cc0000
end_va = 0x7ffa11152fff
monitored = 0
entry_point = 0x7ffa10ccf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 1144
start_va = 0x7ffa11160000
end_va = 0x7ffa111c6fff
monitored = 0
entry_point = 0x7ffa1117e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 1145
start_va = 0x7ffa11220000
end_va = 0x7ffa113a5fff
monitored = 0
entry_point = 0x7ffa1126d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1146
start_va = 0x7ffa113b0000
end_va = 0x7ffa113cbfff
monitored = 0
entry_point = 0x7ffa113b37a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1147
start_va = 0x7ffa113d0000
end_va = 0x7ffa113dafff
monitored = 0
entry_point = 0x7ffa113d1de0
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1148
start_va = 0x7ffa11410000
end_va = 0x7ffa11422fff
monitored = 0
entry_point = 0x7ffa11412760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1149
start_va = 0x7ffa114c0000
end_va = 0x7ffa114c9fff
monitored = 0
entry_point = 0x7ffa114c1350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1150
start_va = 0x7ffa11560000
end_va = 0x7ffa11577fff
monitored = 0
entry_point = 0x7ffa11561b10
region_type = mapped_file
name = "locationframeworkinternalps.dll"
filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")
Region:
id = 1151
start_va = 0x7ffa11580000
end_va = 0x7ffa115f8fff
monitored = 0
entry_point = 0x7ffa1159fb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1152
start_va = 0x7ffa11600000
end_va = 0x7ffa11607fff
monitored = 0
entry_point = 0x7ffa116013e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1153
start_va = 0x7ffa11640000
end_va = 0x7ffa1167ffff
monitored = 0
entry_point = 0x7ffa11651960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1154
start_va = 0x7ffa117d0000
end_va = 0x7ffa117f6fff
monitored = 0
entry_point = 0x7ffa117d7940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1155
start_va = 0x7ffa11800000
end_va = 0x7ffa118a9fff
monitored = 0
entry_point = 0x7ffa11827910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1156
start_va = 0x7ffa118b0000
end_va = 0x7ffa119affff
monitored = 0
entry_point = 0x7ffa118f0f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 1157
start_va = 0x7ffa11a40000
end_va = 0x7ffa11a4bfff
monitored = 0
entry_point = 0x7ffa11a42480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1158
start_va = 0x7ffa11b10000
end_va = 0x7ffa11b41fff
monitored = 0
entry_point = 0x7ffa11b22340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1159
start_va = 0x7ffa11d80000
end_va = 0x7ffa11d8bfff
monitored = 0
entry_point = 0x7ffa11d82790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1160
start_va = 0x7ffa11d90000
end_va = 0x7ffa11db3fff
monitored = 0
entry_point = 0x7ffa11d93260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1161
start_va = 0x7ffa11f30000
end_va = 0x7ffa12023fff
monitored = 0
entry_point = 0x7ffa11f3a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1162
start_va = 0x7ffa12080000
end_va = 0x7ffa120c8fff
monitored = 0
entry_point = 0x7ffa1208a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1163
start_va = 0x7ffa121a0000
end_va = 0x7ffa121abfff
monitored = 0
entry_point = 0x7ffa121a27e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1164
start_va = 0x7ffa12280000
end_va = 0x7ffa122b0fff
monitored = 0
entry_point = 0x7ffa12287d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1165
start_va = 0x7ffa122e0000
end_va = 0x7ffa12359fff
monitored = 0
entry_point = 0x7ffa12301a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1166
start_va = 0x7ffa123a0000
end_va = 0x7ffa123d3fff
monitored = 0
entry_point = 0x7ffa123bae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1167
start_va = 0x7ffa123e0000
end_va = 0x7ffa123e9fff
monitored = 0
entry_point = 0x7ffa123e1830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 1168
start_va = 0x7ffa124f0000
end_va = 0x7ffa1250efff
monitored = 0
entry_point = 0x7ffa124f5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1169
start_va = 0x7ffa12660000
end_va = 0x7ffa126bbfff
monitored = 0
entry_point = 0x7ffa12676f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1170
start_va = 0x7ffa12710000
end_va = 0x7ffa12726fff
monitored = 0
entry_point = 0x7ffa127179d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1171
start_va = 0x7ffa12830000
end_va = 0x7ffa1283afff
monitored = 0
entry_point = 0x7ffa128319a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1172
start_va = 0x7ffa12870000
end_va = 0x7ffa12890fff
monitored = 0
entry_point = 0x7ffa12880250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1173
start_va = 0x7ffa128c0000
end_va = 0x7ffa128f9fff
monitored = 0
entry_point = 0x7ffa128c8d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1174
start_va = 0x7ffa12900000
end_va = 0x7ffa12926fff
monitored = 0
entry_point = 0x7ffa12910aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1175
start_va = 0x7ffa12a10000
end_va = 0x7ffa12a3cfff
monitored = 0
entry_point = 0x7ffa12a29d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1176
start_va = 0x7ffa12ba0000
end_va = 0x7ffa12bf5fff
monitored = 0
entry_point = 0x7ffa12bb0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1177
start_va = 0x7ffa12c00000
end_va = 0x7ffa12c18fff
monitored = 0
entry_point = 0x7ffa12c05e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1178
start_va = 0x7ffa12c20000
end_va = 0x7ffa12c48fff
monitored = 0
entry_point = 0x7ffa12c34530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1179
start_va = 0x7ffa12c50000
end_va = 0x7ffa12ce8fff
monitored = 0
entry_point = 0x7ffa12c7f4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1180
start_va = 0x7ffa12d90000
end_va = 0x7ffa12da3fff
monitored = 0
entry_point = 0x7ffa12d952e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1181
start_va = 0x7ffa12db0000
end_va = 0x7ffa12dbffff
monitored = 0
entry_point = 0x7ffa12db56e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1182
start_va = 0x7ffa12dc0000
end_va = 0x7ffa12e0afff
monitored = 0
entry_point = 0x7ffa12dc35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1183
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1184
start_va = 0x7ffa12e20000
end_va = 0x7ffa12e74fff
monitored = 0
entry_point = 0x7ffa12e37970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1185
start_va = 0x7ffa12e80000
end_va = 0x7ffa12f34fff
monitored = 0
entry_point = 0x7ffa12ec22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1186
start_va = 0x7ffa12f40000
end_va = 0x7ffa13106fff
monitored = 0
entry_point = 0x7ffa12f9db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1187
start_va = 0x7ffa13110000
end_va = 0x7ffa13126fff
monitored = 0
entry_point = 0x7ffa13111390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1188
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1189
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1190
start_va = 0x7ffa13390000
end_va = 0x7ffa133d2fff
monitored = 0
entry_point = 0x7ffa133a4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1191
start_va = 0x7ffa133e0000
end_va = 0x7ffa13465fff
monitored = 0
entry_point = 0x7ffa133ed8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1192
start_va = 0x7ffa13520000
end_va = 0x7ffa13b63fff
monitored = 0
entry_point = 0x7ffa136e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1193
start_va = 0x7ffa13b70000
end_va = 0x7ffa13cb2fff
monitored = 0
entry_point = 0x7ffa13b98210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1194
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1195
start_va = 0x7ffa13d60000
end_va = 0x7ffa13d67fff
monitored = 0
entry_point = 0x7ffa13d61ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1196
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1197
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1198
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1199
start_va = 0x7ffa14220000
end_va = 0x7ffa142c6fff
monitored = 0
entry_point = 0x7ffa1422b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1200
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1201
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1202
start_va = 0x7ffa146e0000
end_va = 0x7ffa1474afff
monitored = 0
entry_point = 0x7ffa146f90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1203
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1204
start_va = 0x7ffa14ba0000
end_va = 0x7ffa14bf1fff
monitored = 0
entry_point = 0x7ffa14baf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1205
start_va = 0x7ffa14c00000
end_va = 0x7ffa15028fff
monitored = 0
entry_point = 0x7ffa14c28740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1206
start_va = 0x7ffa15030000
end_va = 0x7ffa1508bfff
monitored = 0
entry_point = 0x7ffa1504b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1207
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1208
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1209
start_va = 0x7ffa15210000
end_va = 0x7ffa1676efff
monitored = 0
entry_point = 0x7ffa153711f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1210
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1336
start_va = 0xd40000
end_va = 0xd40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d40000"
filename = ""
Region:
id = 1426
start_va = 0x8700000
end_va = 0x87fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008700000"
filename = ""
Region:
id = 1428
start_va = 0x8800000
end_va = 0x88fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008800000"
filename = ""
Region:
id = 1429
start_va = 0x8900000
end_va = 0x89fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008900000"
filename = ""
Region:
id = 1430
start_va = 0x8a00000
end_va = 0x8afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008a00000"
filename = ""
Region:
id = 1519
start_va = 0xd40000
end_va = 0xd42fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d40000"
filename = ""
Region:
id = 1565
start_va = 0xd40000
end_va = 0xd44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d40000"
filename = ""
Region:
id = 1567
start_va = 0xd40000
end_va = 0xd44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d40000"
filename = ""
Region:
id = 1668
start_va = 0xd40000
end_va = 0xd40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d40000"
filename = ""
Thread:
id = 28
os_tid = 0xabc
Thread:
id = 29
os_tid = 0x1270
Thread:
id = 30
os_tid = 0x1084
Thread:
id = 31
os_tid = 0x106c
Thread:
id = 32
os_tid = 0x105c
Thread:
id = 33
os_tid = 0x380
Thread:
id = 34
os_tid = 0x224
Thread:
id = 35
os_tid = 0x7ac
Thread:
id = 36
os_tid = 0x830
Thread:
id = 37
os_tid = 0x7a0
Thread:
id = 38
os_tid = 0x684
Thread:
id = 39
os_tid = 0x790
Thread:
id = 40
os_tid = 0x474
Thread:
id = 41
os_tid = 0xa6c
Thread:
id = 42
os_tid = 0x840
Thread:
id = 43
os_tid = 0x610
Thread:
id = 44
os_tid = 0xb10
Thread:
id = 45
os_tid = 0x66c
Thread:
id = 46
os_tid = 0x5f4
Thread:
id = 47
os_tid = 0xab8
Thread:
id = 48
os_tid = 0xab0
Thread:
id = 49
os_tid = 0xa5c
Thread:
id = 50
os_tid = 0x8cc
Thread:
id = 51
os_tid = 0x870
Thread:
id = 52
os_tid = 0x9d4
Thread:
id = 53
os_tid = 0x848
Thread:
id = 54
os_tid = 0x524
Thread:
id = 55
os_tid = 0x740
Thread:
id = 56
os_tid = 0x440
Thread:
id = 57
os_tid = 0x1d0
Thread:
id = 58
os_tid = 0x804
Thread:
id = 59
os_tid = 0x338
Thread:
id = 60
os_tid = 0xa84
Thread:
id = 61
os_tid = 0xae0
Thread:
id = 62
os_tid = 0x89c
Thread:
id = 63
os_tid = 0xa94
Thread:
id = 64
os_tid = 0x470
Thread:
id = 65
os_tid = 0xbe0
Thread:
id = 66
os_tid = 0xbd8
Thread:
id = 67
os_tid = 0xb50
Thread:
id = 68
os_tid = 0x5ec
Thread:
id = 69
os_tid = 0x780
Thread:
id = 70
os_tid = 0x5ac
Thread:
id = 71
os_tid = 0x728
Thread:
id = 72
os_tid = 0x5e0
Thread:
id = 73
os_tid = 0x508
Thread:
id = 74
os_tid = 0x428
Thread:
id = 75
os_tid = 0x4f8
Thread:
id = 76
os_tid = 0x7e4
Thread:
id = 77
os_tid = 0x7e0
Thread:
id = 78
os_tid = 0x7dc
Thread:
id = 79
os_tid = 0x7d8
Thread:
id = 80
os_tid = 0x7cc
Thread:
id = 81
os_tid = 0x7c4
Thread:
id = 82
os_tid = 0x7b0
Thread:
id = 83
os_tid = 0x788
Thread:
id = 84
os_tid = 0x744
Thread:
id = 85
os_tid = 0x448
Thread:
id = 86
os_tid = 0x6f8
Thread:
id = 87
os_tid = 0x6d4
Thread:
id = 88
os_tid = 0x648
Thread:
id = 89
os_tid = 0x640
Thread:
id = 90
os_tid = 0x62c
Thread:
id = 91
os_tid = 0x534
Thread:
id = 92
os_tid = 0x530
Thread:
id = 93
os_tid = 0x4a8
Thread:
id = 94
os_tid = 0x2ac
Thread:
id = 95
os_tid = 0x270
Thread:
id = 96
os_tid = 0x154
Thread:
id = 97
os_tid = 0x1b8
Thread:
id = 98
os_tid = 0x1bc
Thread:
id = 99
os_tid = 0x180
Thread:
id = 100
os_tid = 0x188
Thread:
id = 101
os_tid = 0x148
Thread:
id = 102
os_tid = 0x12c
Thread:
id = 103
os_tid = 0xfc
Thread:
id = 104
os_tid = 0x60
Thread:
id = 105
os_tid = 0x3f0
Thread:
id = 106
os_tid = 0x3e8
Thread:
id = 107
os_tid = 0x3cc
Thread:
id = 108
os_tid = 0x364
Thread:
id = 135
os_tid = 0x500
Thread:
id = 136
os_tid = 0x4ec
Thread:
id = 137
os_tid = 0xad0
Thread:
id = 138
os_tid = 0xac8
# Process 7 is a second instance of the analysed sample itself: image_name and
# filename are the same executable as process 1, and parent_id = "1" /
# os_parent_pid = "0x1078" point back at the analysis target (os_pid 0x1078 in
# the first Process record of this log). monitor_reason = "child_process" is the
# analyzer's own reason for tracking it.
# os_integrity_level 0x3000 is the Windows high mandatory integrity RID, and
# BUILTIN\Administrators carries attributes 0xf (enabled), so the child runs with
# the same elevated token as its parent; no privilege change is visible here.
# A self-relaunch is not conclusive on its own. Read it together with the region
# list that follows (in particular what ends up at the image base 0x400000).
Process:
id = "7"
image_name = "6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
page_root = "0x5078f000"
os_pid = "0x1324"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x1078"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1238
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1239
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1240
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1241
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1242
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1243
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1244
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 1245
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1246
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1247
start_va = 0x400000
end_va = 0x4c9fff
monitored = 1
entry_point = 0x4c4df2
region_type = mapped_file
name = "6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe")
Region:
id = 1248
start_va = 0x771d0000
end_va = 0x7734afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1249
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1250
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1251
start_va = 0x7fff0000
end_va = 0x7ffa1676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1252
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1253
start_va = 0x7ffa16931000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffa16931000"
filename = ""
# Regions 1254 and 1255 are private memory spanning 0x400000-0x4effff. That is
# the same base address at which region 1247 of this process maps the sample's
# own image (0x400000-0x4c9fff, region_type = mapped_file), so the file-backed
# image range is recorded a second time as private, non-file-backed memory.
# In a freshly started child of the same executable this is a pattern to check
# for image replacement (process hollowing). The region list does not show who
# unmapped or wrote the range or when.
# NOTE(review): assumes region ids follow order of observation; confirm against
# the parent's (process 1) cross-process memory and thread-context activity, if
# this log records it, and against a dump of these regions (both monitored = 1).
Region:
id = 1254
start_va = 0x400000
end_va = 0x439fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1255
start_va = 0x440000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1256
start_va = 0x640d0000
end_va = 0x6411ffff
monitored = 0
entry_point = 0x640e8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1257
start_va = 0x64050000
end_va = 0x640c9fff
monitored = 0
entry_point = 0x64063290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1258
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1259
start_va = 0x64120000
end_va = 0x64127fff
monitored = 0
entry_point = 0x641217c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1260
start_va = 0x4f0000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 1261
start_va = 0x70450000
end_va = 0x704a8fff
monitored = 1
entry_point = 0x70460780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1262
start_va = 0x76720000
end_va = 0x767fffff
monitored = 0
entry_point = 0x76733980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1263
start_va = 0x76910000
end_va = 0x76a8dfff
monitored = 0
entry_point = 0x769c1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1264
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1265
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 1266
start_va = 0x4f0000
end_va = 0x5adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1267
start_va = 0x670000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 1268
start_va = 0x770000
end_va = 0x95ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 1271
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1272
start_va = 0x76600000
end_va = 0x7667afff
monitored = 0
entry_point = 0x7661e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1273
start_va = 0x76a90000
end_va = 0x76b4dfff
monitored = 0
entry_point = 0x76ac5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1274
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1275
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 1276
start_va = 0x770000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 1277
start_va = 0x950000
end_va = 0x95ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 1278
start_va = 0x76cb0000
end_va = 0x76cf3fff
monitored = 0
entry_point = 0x76cc9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1279
start_va = 0x76c00000
end_va = 0x76cacfff
monitored = 0
entry_point = 0x76c14f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1280
start_va = 0x73f00000
end_va = 0x73f1dfff
monitored = 0
entry_point = 0x73f0b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1281
start_va = 0x73ef0000
end_va = 0x73ef9fff
monitored = 0
entry_point = 0x73ef2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1282
start_va = 0x76840000
end_va = 0x76897fff
monitored = 0
entry_point = 0x768825c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1283
start_va = 0x960000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000960000"
filename = ""
Region:
id = 1284
start_va = 0x6f7a0000
end_va = 0x6f81cfff
monitored = 1
entry_point = 0x6f7b0db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1287
start_va = 0x76d00000
end_va = 0x76d44fff
monitored = 0
entry_point = 0x76d1de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1288
start_va = 0x762b0000
end_va = 0x7646cfff
monitored = 0
entry_point = 0x76392a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1289
start_va = 0x74ab0000
end_va = 0x74bfefff
monitored = 0
entry_point = 0x74b66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1290
start_va = 0x743d0000
end_va = 0x74516fff
monitored = 0
entry_point = 0x743e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1291
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1292
start_va = 0xac0000
end_va = 0xc47fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ac0000"
filename = ""
Region:
id = 1293
start_va = 0x741b0000
end_va = 0x741dafff
monitored = 0
entry_point = 0x741b5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1294
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1295
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1296
start_va = 0xc50000
end_va = 0xdd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c50000"
filename = ""
Region:
id = 1297
start_va = 0xde0000
end_va = 0x21dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000de0000"
filename = ""
# Second file-backed mapping of the sample in this process, at 0x870000 instead
# of 0x400000 (region 1247). entry_point keeps the same offset from the base
# (0xc4df2), but this view is 0xc4000 bytes long against 0xca000 for region
# 1247, so the recorded entry point 0x934df2 lies beyond end_va 0x933fff.
# NOTE(review): the shorter length suggests a different kind of view of the file
# than the loader's image mapping; the list places it between the
# mscoree/mscoreei and clr.dll loads, so it may be the .NET runtime opening the
# assembly. Verify before treating the entry_point value as executable code.
Region:
id = 1298
start_va = 0x870000
end_va = 0x933fff
monitored = 1
entry_point = 0x934df2
region_type = mapped_file
name = "6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe"
filename = "\\Windows\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe")
Region:
id = 1299
start_va = 0x76d50000
end_va = 0x76d5bfff
monitored = 0
entry_point = 0x76d53930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1300
start_va = 0x70440000
end_va = 0x70447fff
monitored = 0
entry_point = 0x704417b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1301
start_va = 0x6f0b0000
end_va = 0x6f790fff
monitored = 1
entry_point = 0x6f0dcd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1303
start_va = 0x6efb0000
end_va = 0x6f0a4fff
monitored = 0
entry_point = 0x6f004160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 1304
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1305
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1306
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 1307
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1308
start_va = 0x4a0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 1309
start_va = 0x4b0000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 1310
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1311
start_va = 0x4d0000
end_va = 0x4d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1312
start_va = 0x5b0000
end_va = 0x5b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 1313
start_va = 0x21e0000
end_va = 0x23affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 1314
start_va = 0x5c0000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 1315
start_va = 0x5c0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 1316
start_va = 0x610000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 1317
start_va = 0x960000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000960000"
filename = ""
Region:
id = 1318
start_va = 0xab0000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ab0000"
filename = ""
Region:
id = 1319
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1320
start_va = 0x23b0000
end_va = 0x43affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 1321
start_va = 0x870000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 1322
start_va = 0x620000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1323
start_va = 0x21e0000
end_va = 0x22dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 1324
start_va = 0x23a0000
end_va = 0x23affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 1330
start_va = 0x43b0000
end_va = 0x46e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1331
start_va = 0x6dcf0000
end_va = 0x6efa1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 1332
start_va = 0x74dc0000
end_va = 0x74eaafff
monitored = 0
entry_point = 0x74dfd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1333
start_va = 0x22e0000
end_va = 0x2370fff
monitored = 0
entry_point = 0x2318cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1334
start_va = 0x72cb0000
end_va = 0x72d24fff
monitored = 0
entry_point = 0x72ce9a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1335
start_va = 0x46f0000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046f0000"
filename = ""
Region:
id = 1337
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1338
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 1339
start_va = 0x6cae0000
end_va = 0x6cb5ffff
monitored = 1
entry_point = 0x6cae1180
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 1340
start_va = 0x76680000
end_va = 0x76711fff
monitored = 0
entry_point = 0x766b8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1341
start_va = 0x910000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 1342
start_va = 0x6d320000
end_va = 0x6dcebfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 1343
start_va = 0x6c950000
end_va = 0x6cadefff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")
Region:
id = 1344
start_va = 0x6bce0000
end_va = 0x6c946fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")
Region:
id = 1345
start_va = 0x6cbf0000
end_va = 0x6d310fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")
Region:
id = 1346
start_va = 0x6bbe0000
end_va = 0x6bcd0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")
Region:
id = 1347
start_va = 0x69c00000
end_va = 0x6a31dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")
Region:
id = 1349
start_va = 0xa60000
end_va = 0xa9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 1350
start_va = 0x764d0000
end_va = 0x764d5fff
monitored = 0
entry_point = 0x764d1460
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1351
start_va = 0x5e430000
end_va = 0x5e4cbfff
monitored = 1
entry_point = 0x5e4be9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1352
start_va = 0x22e0000
end_va = 0x237bfff
monitored = 1
entry_point = 0x236e9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1353
start_va = 0x46f0000
end_va = 0x478bfff
monitored = 1
entry_point = 0x477e9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1354
start_va = 0x4870000
end_va = 0x487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004870000"
filename = ""
Region:
id = 1355
start_va = 0x46f0000
end_va = 0x47effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046f0000"
filename = ""
Region:
id = 1356
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1357
start_va = 0x930000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 1358
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1359
start_va = 0x940000
end_va = 0x94ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1360
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1361
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1362
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1363
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1364
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1365
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1366
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1367
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1368
start_va = 0x74eb0000
end_va = 0x762aefff
monitored = 0
entry_point = 0x7506b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1369
start_va = 0x76800000
end_va = 0x76836fff
monitored = 0
entry_point = 0x76803b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1370
start_va = 0x745b0000
end_va = 0x74aa8fff
monitored = 0
entry_point = 0x747b7610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1371
start_va = 0x74520000
end_va = 0x745acfff
monitored = 0
entry_point = 0x74569b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1372
start_va = 0x76470000
end_va = 0x764b3fff
monitored = 0
entry_point = 0x76477410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1373
start_va = 0x73f20000
end_va = 0x73f2efff
monitored = 0
entry_point = 0x73f22e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1374
start_va = 0x920000
end_va = 0x920fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000920000"
filename = ""
Region:
id = 1375
start_va = 0x71540000
end_va = 0x7155afff
monitored = 0
entry_point = 0x71549050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1376
start_va = 0x71200000
end_va = 0x71212fff
monitored = 0
entry_point = 0x71209950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1377
start_va = 0x70010000
end_va = 0x7003efff
monitored = 0
entry_point = 0x700295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1378
start_va = 0x47f0000
end_va = 0x482ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047f0000"
filename = ""
Region:
id = 1379
start_va = 0x4830000
end_va = 0x486ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004830000"
filename = ""
Region:
id = 1380
start_va = 0x4880000
end_va = 0x497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004880000"
filename = ""
Region:
id = 1381
start_va = 0x4980000
end_va = 0x4a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004980000"
filename = ""
Region:
id = 1382
start_va = 0x4a80000
end_va = 0x4abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a80000"
filename = ""
Region:
id = 1383
start_va = 0x4ac0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ac0000"
filename = ""
Region:
id = 1384
start_va = 0x940000
end_va = 0x940fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 1385
start_va = 0x74340000
end_va = 0x743c3fff
monitored = 0
entry_point = 0x74366220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1386
start_va = 0xa60000
end_va = 0xa60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 1387
start_va = 0xa90000
end_va = 0xa9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 1388
start_va = 0x69bb0000
end_va = 0x69bf1fff
monitored = 1
entry_point = 0x69bbf380
region_type = mapped_file
name = "wbemdisp.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll")
Region:
id = 1389
start_va = 0x69b40000
end_va = 0x69ba6fff
monitored = 0
entry_point = 0x69b5b610
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll")
Region:
id = 1390
start_va = 0x73f30000
end_va = 0x73f8efff
monitored = 0
entry_point = 0x73f34af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1391
start_va = 0x69b30000
end_va = 0x69b3cfff
monitored = 0
entry_point = 0x69b33520
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 1392
start_va = 0x69b10000
end_va = 0x69b2bfff
monitored = 0
entry_point = 0x69b1aa90
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll")
Region:
id = 1393
start_va = 0x69af0000
end_va = 0x69b00fff
monitored = 0
entry_point = 0x69af8fa0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 1394
start_va = 0x69a30000
end_va = 0x69aeefff
monitored = 0
entry_point = 0x69a61e80
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 1396
start_va = 0x699a0000
end_va = 0x69a20fff
monitored = 0
entry_point = 0x699bb260
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 1397
start_va = 0xa70000
end_va = 0xa7efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wbemdisp.tlb"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb")
Region:
id = 1398
start_va = 0x4bc0000
end_va = 0x4c9ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1399
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1400
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1401
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1402
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1403
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1404
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1405
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1406
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1407
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1408
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1409
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1410
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1411
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1412
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1413
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1414
start_va = 0xaa0000
end_va = 0xaaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 1415
start_va = 0xaa0000
end_va = 0xaaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 1416
start_va = 0xaa0000
end_va = 0xaaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 1417
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1418
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1419
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1420
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1421
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1422
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1518
start_va = 0x69980000
end_va = 0x69997fff
monitored = 1
entry_point = 0x699855a6
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1520
start_va = 0x2380000
end_va = 0x2397fff
monitored = 1
entry_point = 0x23855a6
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1521
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1522
start_va = 0x69980000
end_va = 0x69997fff
monitored = 1
entry_point = 0x699855a6
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1523
start_va = 0x4ca0000
end_va = 0x4cb7fff
monitored = 1
entry_point = 0x4ca55a6
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1524
start_va = 0xaa0000
end_va = 0xaaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 1525
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 1526
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 1527
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 1528
start_va = 0x4ca0000
end_va = 0x4ca4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 1529
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1530
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1531
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1532
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1533
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1534
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1535
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1536
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1537
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1538
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1539
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1540
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1541
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1542
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1543
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1545
start_va = 0x69810000
end_va = 0x6992cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll")
Region:
id = 1547
start_va = 0x4cb0000
end_va = 0x4ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1548
start_va = 0x4cf0000
end_va = 0x4deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cf0000"
filename = ""
Region:
id = 1549
start_va = 0x7fe60000
end_va = 0x7feaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe60000"
filename = ""
Region:
id = 1550
start_va = 0x7fe50000
end_va = 0x7fe5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe50000"
filename = ""
Region:
id = 1551
start_va = 0x4df0000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 1552
start_va = 0x4e30000
end_va = 0x4f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 1553
start_va = 0x69800000
end_va = 0x6980afff
monitored = 1
entry_point = 0x698041f0
region_type = mapped_file
name = "wminet_utils.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll")
Region:
id = 1558
start_va = 0x4f30000
end_va = 0x4f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 1559
start_va = 0x4f30000
end_va = 0x4f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 1561
start_va = 0x4f30000
end_va = 0x4f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 1566
start_va = 0x4f30000
end_va = 0x4f34fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004f30000"
filename = ""
Thread:
id = 109
os_tid = 0x1318
[0193.442] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0193.598] RoInitialize () returned 0x1
[0193.599] RoUninitialize () returned 0x0
[0194.775] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x248
[0194.775] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x24c
[0194.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e604 | out: phkResult=0x19e604*=0x25c) returned 0x0
[0194.869] RegQueryValueExW (in: hKey=0x25c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e624, lpData=0x0, lpcbData=0x19e620*=0x0 | out: lpType=0x19e624*=0x1, lpData=0x0, lpcbData=0x19e620*=0xe) returned 0x0
[0194.870] RegQueryValueExW (in: hKey=0x25c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e624, lpData=0x23b474c, lpcbData=0x19e620*=0xe | out: lpType=0x19e624*=0x1, lpData="Client", lpcbData=0x19e620*=0xe) returned 0x0
[0194.872] RegCloseKey (hKey=0x25c) returned 0x0
[0195.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config", nBufferLength=0x105, lpBuffer=0x19dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config", lpFilePart=0x0) returned 0x69
[0195.355] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cec0 | out: phkResult=0x19cec0*=0x0) returned 0x2
[0195.687] GetCurrentProcess () returned 0xffffffff
[0195.688] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e300 | out: TokenHandle=0x19e300*=0x25c) returned 1
[0195.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19dd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0195.698] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0195.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0195.702] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e300 | out: lpFileInformation=0x19e300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0195.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0195.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e238) returned 1
[0195.703] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260
[0195.704] GetFileType (hFile=0x260) returned 0x1
[0195.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e234) returned 1
[0195.704] GetFileType (hFile=0x260) returned 0x1
[0195.783] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x19e2f4 | out: lpFileSizeHigh=0x19e2f4*=0x0) returned 0x8c8f
[0195.784] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2b0, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e2b0*=0x1000, lpOverlapped=0x0) returned 1
[0195.808] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e160, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e160*=0x1000, lpOverlapped=0x0) returned 1
[0195.810] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1
[0195.811] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1
[0195.812] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1
[0195.812] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df4c, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19df4c*=0x1000, lpOverlapped=0x0) returned 1
[0195.899] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0cc, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e0cc*=0x1000, lpOverlapped=0x0) returned 1
[0195.901] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19dfdc*=0x1000, lpOverlapped=0x0) returned 1
[0195.902] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19dfdc*=0xc8f, lpOverlapped=0x0) returned 1
[0195.902] ReadFile (in: hFile=0x260, lpBuffer=0x23b8bc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e09c, lpOverlapped=0x0 | out: lpBuffer=0x23b8bc0*, lpNumberOfBytesRead=0x19e09c*=0x0, lpOverlapped=0x0) returned 1
[0195.902] CloseHandle (hObject=0x260) returned 1
[0195.904] GetCurrentProcess () returned 0xffffffff
[0195.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x260) returned 1
[0195.905] GetCurrentProcess () returned 0xffffffff
[0195.905] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x264) returned 1
[0195.906] GetCurrentProcess () returned 0xffffffff
[0195.906] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e300 | out: TokenHandle=0x19e300*=0x268) returned 1
[0195.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0195.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config", nBufferLength=0x105, lpBuffer=0x19dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config", lpFilePart=0x0) returned 0x69
[0195.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e300 | out: lpFileInformation=0x19e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0195.911] GetCurrentProcess () returned 0xffffffff
[0195.911] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x26c) returned 1
[0195.912] GetCurrentProcess () returned 0xffffffff
[0195.912] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x270) returned 1
[0195.927] GetCurrentProcess () returned 0xffffffff
[0195.928] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2a4 | out: TokenHandle=0x19e2a4*=0x274) returned 1
[0196.001] GetCurrentProcess () returned 0xffffffff
[0196.001] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2b4 | out: TokenHandle=0x19e2b4*=0x278) returned 1
[0196.099] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3e8 | out: phkResult=0x19f3e8*=0x27c) returned 0x0
[0196.099] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f404, lpData=0x0, lpcbData=0x19f400*=0x0 | out: lpType=0x19f404*=0x4, lpData=0x0, lpcbData=0x19f400*=0x4) returned 0x0
[0196.101] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f404, lpData=0x19f3f0, lpcbData=0x19f400*=0x4 | out: lpType=0x19f404*=0x4, lpData=0x19f3f0*=0x1, lpcbData=0x19f400*=0x4) returned 0x0
[0196.103] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f43c, lpData=0x0, lpcbData=0x19f438*=0x0 | out: lpType=0x19f43c*=0x4, lpData=0x0, lpcbData=0x19f438*=0x4) returned 0x0
[0196.108] RegCloseKey (hKey=0x27c) returned 0x0
[0196.113] GetCurrentProcessId () returned 0x1324
[0196.117] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ec84 | out: lpLuid=0x19ec84*(LowPart=0x14, HighPart=0)) returned 1
[0196.121] GetCurrentProcess () returned 0xffffffff
[0196.121] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ec80 | out: TokenHandle=0x19ec80*=0x284) returned 1
[0196.122] AdjustTokenPrivileges (in: TokenHandle=0x284, DisableAllPrivileges=0, NewState=0x23d5d78*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0196.122] CloseHandle (hObject=0x284) returned 1
[0196.124] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1324) returned 0x284
[0196.315] EnumProcessModules (in: hProcess=0x284, lphModule=0x23d5dbc, cb=0x100, lpcbNeeded=0x19f3f0 | out: lphModule=0x23d5dbc, lpcbNeeded=0x19f3f0) returned 1
[0196.316] GetModuleInformation (in: hProcess=0x284, hModule=0x400000, lpmodinfo=0x23d5efc, cb=0xc | out: lpmodinfo=0x23d5efc*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1
[0196.318] CoTaskMemAlloc (cb=0x804) returned 0x6d41c8
[0196.318] GetModuleBaseNameW (in: hProcess=0x284, hModule=0x400000, lpBaseName=0x6d41c8, nSize=0x800 | out: lpBaseName="6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe") returned 0x44
[0196.319] CoTaskMemFree (pv=0x6d41c8)
[0196.319] CoTaskMemAlloc (cb=0x804) returned 0x6d41c8
[0196.319] GetModuleFileNameExW (in: hProcess=0x284, hModule=0x400000, lpFilename=0x6d41c8, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe")) returned 0x62
[0196.320] CoTaskMemFree (pv=0x6d41c8)
[0196.320] CloseHandle (hObject=0x284) returned 1
[0196.320] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", nBufferLength=0x105, lpBuffer=0x19eef8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpFilePart=0x0) returned 0x62
[0196.321] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3e8 | out: phkResult=0x19f3e8*=0x0) returned 0x2
[0196.338] EtwEventRegister (in: ProviderId=0x23da41c, EnableCallback=0xa905fe, CallbackContext=0x0, RegHandle=0x23da3f8 | out: RegHandle=0x23da3f8) returned 0x0
[0196.342] EtwEventSetInformation (RegHandle=0x6bb088, InformationClass=0x1c, EventInformation=0x2, InformationLength=0x23da3ac) returned 0x0
[0196.403] GetCurrentProcessId () returned 0x1324
[0196.403] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1324) returned 0x288
[0196.403] EnumProcessModules (in: hProcess=0x288, lphModule=0x23dbe00, cb=0x100, lpcbNeeded=0x19f3f8 | out: lphModule=0x23dbe00, lpcbNeeded=0x19f3f8) returned 1
[0196.410] GetModuleInformation (in: hProcess=0x288, hModule=0x400000, lpmodinfo=0x23dbf40, cb=0xc | out: lpmodinfo=0x23dbf40*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1
[0196.411] CoTaskMemAlloc (cb=0x804) returned 0x6d41c8
[0196.411] GetModuleBaseNameW (in: hProcess=0x288, hModule=0x400000, lpBaseName=0x6d41c8, nSize=0x800 | out: lpBaseName="6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe") returned 0x44
[0196.414] CoTaskMemFree (pv=0x6d41c8)
[0196.414] CoTaskMemAlloc (cb=0x804) returned 0x6d41c8
[0196.414] GetModuleFileNameExW (in: hProcess=0x288, hModule=0x400000, lpFilename=0x6d41c8, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe")) returned 0x62
[0196.414] CoTaskMemFree (pv=0x6d41c8)
[0196.414] CloseHandle (hObject=0x288) returned 1
[0196.414] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", nBufferLength=0x105, lpBuffer=0x19ef00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe", lpFilePart=0x0) returned 0x62
[0196.416] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3f0 | out: phkResult=0x19f3f0*=0x0) returned 0x2
[0196.417] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3f0 | out: phkResult=0x19f3f0*=0x288) returned 0x0
[0196.417] RegQueryValueExW (in: hKey=0x288, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x19f40c, lpData=0x0, lpcbData=0x19f408*=0x0 | out: lpType=0x19f40c*=0x0, lpData=0x0, lpcbData=0x19f408*=0x0) returned 0x2
[0196.417] RegCloseKey (hKey=0x288) returned 0x0
[0196.790] GetCurrentProcessId () returned 0x1324
[0196.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x33b94d0, Length=0x20000, ResultLength=0x19f44c | out: SystemInformation=0x33b94d0, ResultLength=0x19f44c*=0x14e38) returned 0x0
[0197.115] GetCurrentProcessId () returned 0x1324
[0197.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x33b94d0, Length=0x20000, ResultLength=0x19f43c | out: SystemInformation=0x33b94d0, ResultLength=0x19f43c*=0x14e38) returned 0x0
[0197.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19edd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0197.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0197.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2dc) returned 1
[0197.433] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f358 | out: lpFileInformation=0x19f358*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0197.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2d8) returned 1
[0197.538] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f234 | out: pfEnabled=0x19f234) returned 0x0
[0197.693] CreateBindCtx (in: reserved=0x0, ppbc=0x19f418 | out: ppbc=0x19f418*=0x6c17b0) returned 0x0
[0197.694] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eecc | out: ppvObject=0x19eecc*=0x6c17b0) returned 0x0
[0197.694] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee88 | out: ppvObject=0x19ee88*=0x0) returned 0x80004002
[0197.694] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f259bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eca4 | out: ppvObject=0x19eca4*=0x0) returned 0x80004002
[0197.694] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea7c | out: ppvObject=0x19ea7c*=0x0) returned 0x80004002
[0197.694] IUnknown:AddRef (This=0x6c17b0) returned 0x3
[0197.695] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002
[0197.695] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e78c | out: ppvObject=0x19e78c*=0x0) returned 0x80004002
[0197.695] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e798 | out: ppvObject=0x19e798*=0x0) returned 0x80004002
[0197.695] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0
[0197.695] CObjectContext::QueryInterface () returned 0x0
[0197.696] CObjectContext::GetCurrentApartmentType () returned 0x0
[0197.696] Release () returned 0x0
[0197.696] CoGetObjectContext (in: riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d31ac | out: ppv=0x6d31ac*=0x6b0080) returned 0x0
[0197.898] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0
[0197.898] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x0) returned 0x80004002
[0197.899] IUnknown:Release (This=0x6c17b0) returned 0x2
[0197.899] CoGetContextToken (in: pToken=0x19f1e0 | out: pToken=0x19f1e0) returned 0x0
[0197.900] CoGetContextToken (in: pToken=0x19f140 | out: pToken=0x19f140) returned 0x0
[0197.900] IUnknown:QueryInterface (in: This=0x6c17b0, riid=0x19f210*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x6c17b0) returned 0x0
[0197.900] IUnknown:AddRef (This=0x6c17b0) returned 0x4
[0197.900] IUnknown:Release (This=0x6c17b0) returned 0x3
[0197.900] IUnknown:Release (This=0x6c17b0) returned 0x2
[0197.901] CoGetContextToken (in: pToken=0x19f260 | out: pToken=0x19f260) returned 0x0
[0197.901] IUnknown:AddRef (This=0x6c17b0) returned 0x3
[0197.901] MkParseDisplayName (in: pbc=0x6c17b0, szUserName="WinMgmts:", pchEaten=0x19f44c, ppmk=0x19f404 | out: pchEaten=0x19f44c, ppmk=0x19f404*=0x6dedc8) returned 0x0
[0199.238] malloc (_Size=0x80) returned 0xab2e80
[0199.240] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6da528
[0199.240] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.241] DllGetClassObject (in: rclsid=0x6e807c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x762c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1f0 | out: ppv=0x19f1f0*=0x6da5a0) returned 0x0
[0199.241] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6da5a0
[0199.242] WinMGMTS:IClassFactory:CreateInstance (in: This=0x6da5a0, pUnkOuter=0x0, riid=0x74dc6800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f198 | out: ppvObject=0x19f198*=0x6d9e98) returned 0x0
[0199.245] GetVersionExW (in: lpVersionInformation=0x19ef50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efb0, dwMinorVersion=0x7673234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\㟟≶) | out: lpVersionInformation=0x19ef50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0199.245] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef48 | out: phkResult=0x19ef48*=0x384) returned 0x0
[0199.245] RegQueryValueExW (in: hKey=0x384, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef40, lpcbData=0x19ef4c*=0x4 | out: lpType=0x0, lpData=0x19ef40*=0x3, lpcbData=0x19ef4c*=0x4) returned 0x0
[0199.245] RegCloseKey (hKey=0x384) returned 0x0
[0199.245] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9760
[0199.245] GetSystemDirectoryW (in: lpBuffer=0x6e9760, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0199.245] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76600000
[0199.246] GetProcAddress (hModule=0x76600000, lpProcName="DuplicateTokenEx") returned 0x76620ad0
[0199.246] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.246] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6df0c0
[0199.246] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6d9e98
[0199.247] WinMGMTS:IUnknown:Release (This=0x6da5a0) returned 0x0
[0199.247] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.247] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x6d9e98, pbc=0x6c17b0, pszDisplayName="WinMgmts:", pchEaten=0x19f3a8, ppmkOut=0x19f3a4 | out: pchEaten=0x19f3a8*=0x9, ppmkOut=0x19f3a4*=0x6dedc8) returned 0x0
[0199.247] ApiSetQueryApiSetPresence () returned 0x0
[0199.247] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0
[0199.247] IBindCtx:GetObjectParam (in: This=0x6c17b0, pszKey=0x69bb3e5c, ppunk=0x19f250 | out: ppunk=0x19f250*=0x0) returned 0x80004005
[0199.247] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x684ae0
[0199.248] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123
[0199.248] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c8318
[0199.248] ResolveDelayLoadedAPI () returned 0x76330060
[0199.249] CoCreateInstance (in: rclsid=0x69bb1c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69bb1c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c8330 | out: ppv=0x6c8330*=0x6d9ef8) returned 0x0
[0199.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c8450
[0199.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c3f98
[0199.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x684c40
[0199.475] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0199.475] GetCurrentThreadId () returned 0x1318
[0199.475] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91
[0199.475] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0199.475] GetCurrentThreadId () returned 0x1318
[0199.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0c4 | out: phkResult=0x19f0c4*=0x38c) returned 0x0
[0199.476] RegQueryValueExW (in: hKey=0x38c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0c8*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0c8*=0x16) returned 0x0
[0199.477] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x684c80
[0199.477] RegQueryValueExW (in: hKey=0x38c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x684c80, lpcbData=0x19f0c8*=0x16 | out: lpType=0x0, lpData=0x684c80*=0x72, lpcbData=0x19f0c8*=0x16) returned 0x0
[0199.477] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x684b60
[0199.478] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.478] RegCloseKey (hKey=0x38c) returned 0x0
[0199.478] CoCreateInstance (in: rclsid=0x69bb21a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69bb21b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0fc | out: ppv=0x19f0fc*=0x6e9838) returned 0x0
[0199.726] SysStringLen (param_1=".") returned 0x1
[0199.726] WbemDefPath:IWbemPath:SetServer (This=0x6e9838, Name=".") returned 0x0
[0199.726] CoCreateInstance (in: rclsid=0x69bb21a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69bb21b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0a8 | out: ppv=0x19f0a8*=0x6e98a8) returned 0x0
[0199.726] CoCreateInstance (in: rclsid=0x69bb21a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69bb21b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f044 | out: ppv=0x19f044*=0x6e9918) returned 0x0
[0199.726] WbemDefPath:IWbemPath:SetText (This=0x6e9918, uMode=0x4, pszPath="root\\cimv2") returned 0x0
[0199.726] WbemDefPath:IUnknown:Release (This=0x6e9918) returned 0x0
[0199.726] SysStringLen (param_1="root\\cimv2") returned 0xa
[0199.727] WbemDefPath:IWbemPath:SetText (This=0x6e98a8, uMode=0xc, pszPath="root\\cimv2") returned 0x0
[0199.727] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6e98a8, puCount=0x19f0c0 | out: puCount=0x19f0c0*=0x2) returned 0x0
[0199.727] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x6e9838) returned 0x0
[0199.727] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6e98a8, uIndex=0x0, puNameBufLength=0x19f07c*=0x0, pName=0x0 | out: puNameBufLength=0x19f07c*=0x5, pName=0x0) returned 0x0
[0199.727] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9d70
[0199.727] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6e98a8, uIndex=0x0, puNameBufLength=0x19f07c*=0x5, pName="" | out: puNameBufLength=0x19f07c*=0x5, pName="root") returned 0x0
[0199.727] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.727] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x6e9838, uIndex=0x0, pszName="root") returned 0x0
[0199.727] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6e98a8, uIndex=0x1, puNameBufLength=0x19f07c*=0x0, pName=0x0 | out: puNameBufLength=0x19f07c*=0x6, pName=0x0) returned 0x0
[0199.727] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9cb0
[0199.727] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6e98a8, uIndex=0x1, puNameBufLength=0x19f07c*=0x6, pName="" | out: puNameBufLength=0x19f07c*=0x6, pName="cimv2") returned 0x0
[0199.727] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.727] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x6e9838, uIndex=0x1, pszName="cimv2") returned 0x0
[0199.727] WbemDefPath:IUnknown:Release (This=0x6e98a8) returned 0x0
[0199.727] WbemDefPath:IWbemPath:GetText (in: This=0x6e9838, lFlags=4, puBuffLength=0x19f0c4*=0x0, pszText=0x0 | out: puBuffLength=0x19f0c4*=0xf, pszText=0x0) returned 0x0
[0199.727] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6dee68
[0199.727] WbemDefPath:IWbemPath:GetText (in: This=0x6e9838, lFlags=4, puBuffLength=0x19f0c4*=0xf, pszText="" | out: puBuffLength=0x19f0c4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0199.727] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0199.728] WbemDefPath:IUnknown:Release (This=0x6e9838) returned 0x0
[0199.728] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6d9ef8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f144 | out: ppNamespace=0x19f144*=0x6eddf0) returned 0x0
[0201.404] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6eff18
[0201.404] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c3b78
[0201.405] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e0550
[0201.405] WbemLocator:IUnknown:QueryInterface (in: This=0x6eddf0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x6d821c) returned 0x0
[0201.405] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d821c, pProxy=0x6eddf0, pAuthnSvc=0x19f110, pAuthzSvc=0x19f114, pServerPrincName=0x0, pAuthnLevel=0x19f184, pImpLevel=0x19f18c, pAuthInfo=0x0, pCapabilites=0x19f118 | out: pAuthnSvc=0x19f110*=0xa, pAuthzSvc=0x19f114*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f184*=0x6, pImpLevel=0x19f18c*=0x2, pAuthInfo=0x0, pCapabilites=0x19f118*=0x1) returned 0x0
[0201.405] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x1
[0201.405] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0201.406] GetCurrentThreadId () returned 0x1318
[0201.406] WbemLocator:IUnknown:QueryInterface (in: This=0x6eddf0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ac | out: ppvObject=0x19f1ac*=0x6d821c) returned 0x0
[0201.406] WbemLocator:IClientSecurity:CopyProxy (in: This=0x6d821c, pProxy=0x6eddf0, ppCopy=0x19f1d0 | out: ppCopy=0x19f1d0*=0x6ee250) returned 0x0
[0201.406] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee250, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f048 | out: ppvObject=0x19f048*=0x6d821c) returned 0x0
[0201.406] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d821c, pProxy=0x6ee250, pAuthnSvc=0x19f078, pAuthzSvc=0x19f074, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f078*=0xa, pAuthzSvc=0x19f074*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0201.406] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x3
[0201.406] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee250, riid=0x69bb1f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f02c | out: ppvObject=0x19f02c*=0x6d8240) returned 0x0
[0201.406] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee250, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f030 | out: ppvObject=0x19f030*=0x6d821c) returned 0x0
[0201.407] WbemLocator:IClientSecurity:SetBlanket (This=0x6d821c, pProxy=0x6ee250, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0201.407] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x4
[0201.407] WbemLocator:IUnknown:Release (This=0x6d8240) returned 0x3
[0201.407] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x2
[0201.407] WbemLocator:IUnknown:AddRef (This=0x6ee250) returned 0x3
[0201.407] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c3e18
[0201.407] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9e18
[0201.408] WbemLocator:IUnknown:Release (This=0x6eddf0) returned 0x2
[0201.408] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0201.408] GetCurrentThreadId () returned 0x1318
[0201.408] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0201.408] GetCurrentThreadId () returned 0x1318
[0201.408] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee250, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d4 | out: ppvObject=0x19f1d4*=0x6d821c) returned 0x0
[0201.408] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d821c, pProxy=0x6ee250, pAuthnSvc=0x19f1c0, pAuthzSvc=0x19f1c4, pServerPrincName=0x0, pAuthnLevel=0x19f1d0, pImpLevel=0x19f1cc, pAuthInfo=0x0, pCapabilites=0x19f1c8 | out: pAuthnSvc=0x19f1c0*=0xa, pAuthzSvc=0x19f1c4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1d0*=0x6, pImpLevel=0x19f1cc*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1c8*=0x20) returned 0x0
[0201.408] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x2
[0201.408] ResolveDelayLoadedAPI () returned 0x74df2060
[0201.410] CreatePointerMoniker (in: punk=0x6eff18, ppmk=0x19f3a4 | out: ppmk=0x19f3a4*=0x6dedc8) returned 0x0
[0201.410] IUnknown:AddRef (This=0x6eff18) returned 0x2
[0201.413] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0201.413] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0201.413] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0201.414] WbemLocator:IUnknown:Release (This=0x6d9ef8) returned 0x0
[0201.414] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0201.414] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0201.416] WinMGMTS:IUnknown:Release (This=0x6d9e98) returned 0x0
[0201.416] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0201.421] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eec0 | out: ppvObject=0x19eec0*=0x6dedc8) returned 0x0
[0201.421] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee7c | out: ppvObject=0x19ee7c*=0x0) returned 0x80004002
[0201.421] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f259bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x0) returned 0x80004002
[0201.421] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea74 | out: ppvObject=0x19ea74*=0x0) returned 0x80004002
[0201.422] IUnknown:AddRef (This=0x6dedc8) returned 0x3
[0201.422] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7d4 | out: ppvObject=0x19e7d4*=0x0) returned 0x80004002
[0201.422] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e784 | out: ppvObject=0x19e784*=0x0) returned 0x80004002
[0201.422] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e790 | out: ppvObject=0x19e790*=0x6deddc) returned 0x0
[0201.422] IMarshal:GetUnmarshalClass (in: This=0x6deddc, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e798 | out: pCid=0x19e798*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0201.422] IUnknown:Release (This=0x6deddc) returned 0x3
[0201.422] CoGetContextToken (in: pToken=0x19e7f0 | out: pToken=0x19e7f0) returned 0x0
[0201.422] CoGetContextToken (in: pToken=0x19ebf8 | out: pToken=0x19ebf8) returned 0x0
[0201.422] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec84 | out: ppvObject=0x19ec84*=0x0) returned 0x80004002
[0201.423] IUnknown:Release (This=0x6dedc8) returned 0x2
[0201.423] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0
[0201.423] CoGetContextToken (in: pToken=0x19f130 | out: pToken=0x19f130) returned 0x0
[0201.423] IUnknown:QueryInterface (in: This=0x6dedc8, riid=0x19f200*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x6dedc8) returned 0x0
[0201.423] IUnknown:AddRef (This=0x6dedc8) returned 0x4
[0201.423] IUnknown:Release (This=0x6dedc8) returned 0x3
[0201.423] IUnknown:Release (This=0x6c17b0) returned 0x2
[0201.423] IUnknown:Release (This=0x6dedc8) returned 0x2
[0201.426] CoGetContextToken (in: pToken=0x19f268 | out: pToken=0x19f268) returned 0x0
[0201.426] IUnknown:AddRef (This=0x6dedc8) returned 0x3
[0201.426] BindMoniker (in: pmk=0x6dedc8, grfOpt=0x0, iidResult=0x244efd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f408 | out: ppvResult=0x19f408*=0x6eff18) returned 0x0
[0201.426] IUnknown:QueryInterface (in: This=0x6eff18, riid=0x244efd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f408 | out: ppvObject=0x19f408*=0x6eff18) returned 0x0
[0201.427] LoadRegTypeLib (in: rguid=0x69bb2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec5c*=0x0 | out: pptlib=0x19ec5c*=0x6f2f48) returned 0x0
[0201.691] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f2f48, GUID=0x6eff5c*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x6eff44 | out: ppTInfo=0x6eff44*=0x6f499c) returned 0x0
[0201.693] IUnknown:Release (This=0x6f2f48) returned 0x1
[0201.718] CoGetContextToken (in: pToken=0x19e7f0 | out: pToken=0x19e7f0) returned 0x0
[0201.718] CoGetContextToken (in: pToken=0x19ebf8 | out: pToken=0x19ebf8) returned 0x0
[0201.718] IUnknown:Release (This=0x6dedc8) returned 0x2
[0202.218] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0
[0202.218] LoadRegTypeLib (in: rguid=0x69bb2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eeb8*=0x0 | out: pptlib=0x19eeb8*=0x6f2f48) returned 0x0
[0202.220] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f2f48, GUID=0x6eff4c*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x6eff40 | out: ppTInfo=0x6eff40*=0x6f49c8) returned 0x0
[0202.221] IUnknown:Release (This=0x6f2f48) returned 0x2
[0202.221] IUnknown:AddRef (This=0x6f49c8) returned 0x2
[0202.221] DispGetIDsOfNames (in: ptinfo=0x6f49c8, rgszNames=0x19ef40*="InstancesOf", cNames=0x1, rgdispid=0x19ef30 | out: rgdispid=0x19ef30*=5) returned 0x0
[0202.252] IUnknown:Release (This=0x6f49c8) returned 0x1
[0202.255] IUnknown:AddRef (This=0x6f49c8) returned 0x2
[0202.255] ITypeInfo:LocalInvoke (This=0x6f49c8) returned 0x0
[0202.256] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0202.256] GetCurrentThreadId () returned 0x1318
[0202.256] WbemLocator:IUnknown:AddRef (This=0x6ee250) returned 0x3
[0202.256] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0202.256] GetCurrentThreadId () returned 0x1318
[0202.257] IWbemServices:CreateInstanceEnum (in: This=0x6ee250, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e72c | out: ppEnum=0x19e72c*=0x6f2ea8) returned 0x0
[0202.303] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c3f98
[0202.303] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c4118
[0202.303] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6c39f8
[0202.303] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9e78
[0202.304] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e08e8
[0202.369] IUnknown:QueryInterface (in: This=0x6f2ea8, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x6f2eac) returned 0x0
[0202.369] IClientSecurity:QueryBlanket (in: This=0x6f2eac, pProxy=0x6f2ea8, pAuthnSvc=0x19e5c0, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5fc, pImpLevel=0x19e600, pAuthInfo=0x0, pCapabilites=0x19e5c4 | out: pAuthnSvc=0x19e5c0*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5fc*=0x6, pImpLevel=0x19e600*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5c4*=0x1) returned 0x0
[0202.369] IUnknown:Release (This=0x6f2eac) returned 0x1
[0202.369] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0202.370] GetCurrentThreadId () returned 0x1318
[0202.370] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee250, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5c4 | out: ppvObject=0x19e5c4*=0x6d821c) returned 0x0
[0202.370] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d821c, pProxy=0x6ee250, pAuthnSvc=0x19e5ac, pAuthzSvc=0x19e5b0, pServerPrincName=0x0, pAuthnLevel=0x19e5bc, pImpLevel=0x19e5c0, pAuthInfo=0x0, pCapabilites=0x19e5b4 | out: pAuthnSvc=0x19e5ac*=0xa, pAuthzSvc=0x19e5b0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5bc*=0x6, pImpLevel=0x19e5c0*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5b4*=0x20) returned 0x0
[0202.370] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x3
[0202.370] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0202.370] GetCurrentThreadId () returned 0x1318
[0202.370] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee250, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5c4 | out: ppvObject=0x19e5c4*=0x6d821c) returned 0x0
[0202.371] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d821c, pProxy=0x6ee250, pAuthnSvc=0x19e5ac, pAuthzSvc=0x19e5b0, pServerPrincName=0x0, pAuthnLevel=0x19e5c0, pImpLevel=0x19e5bc, pAuthInfo=0x0, pCapabilites=0x19e5b4 | out: pAuthnSvc=0x19e5ac*=0xa, pAuthzSvc=0x19e5b0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5c0*=0x6, pImpLevel=0x19e5bc*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5b4*=0x20) returned 0x0
[0202.371] WbemLocator:IUnknown:Release (This=0x6d821c) returned 0x3
[0202.371] IUnknown:QueryInterface (in: This=0x6f2ea8, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x6f2eac) returned 0x0
[0202.374] IClientSecurity:CopyProxy (in: This=0x6f2eac, pProxy=0x6f2ea8, ppCopy=0x19e5f8 | out: ppCopy=0x19e5f8*=0x6f5eb0) returned 0x0
[0202.374] IUnknown:QueryInterface (in: This=0x6f5eb0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e54c | out: ppvObject=0x19e54c*=0x6f5eb4) returned 0x0
[0202.375] IClientSecurity:QueryBlanket (in: This=0x6f5eb4, pProxy=0x6f5eb0, pAuthnSvc=0x19e57c, pAuthzSvc=0x19e578, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e57c*=0xa, pAuthzSvc=0x19e578*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0202.375] IUnknown:Release (This=0x6f5eb4) returned 0x3
[0202.375] IUnknown:QueryInterface (in: This=0x6f5eb0, riid=0x69bb1f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e530 | out: ppvObject=0x19e530*=0x6d8f40) returned 0x0
[0202.375] IUnknown:QueryInterface (in: This=0x6f5eb0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e534 | out: ppvObject=0x19e534*=0x6f5eb4) returned 0x0
[0202.375] IClientSecurity:SetBlanket (This=0x6f5eb4, pProxy=0x6f5eb0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0202.697] IUnknown:Release (This=0x6f5eb4) returned 0x4
[0202.697] WbemLocator:IUnknown:Release (This=0x6d8f40) returned 0x3
[0202.697] IUnknown:Release (This=0x6f2eac) returned 0x2
[0202.697] IUnknown:AddRef (This=0x6f5eb0) returned 0x3
[0202.697] IUnknown:Release (This=0x6f2ea8) returned 0x2
[0202.697] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e6e8 | out: pperrinfo=0x19e6e8*=0x0) returned 0x1
[0202.698] WbemLocator:IUnknown:Release (This=0x6ee250) returned 0x2
[0202.698] IUnknown:Release (This=0x6f49c8) returned 0x1
[0202.699] LoadRegTypeLib (in: rguid=0x69bb2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e714*=0x0 | out: pptlib=0x19e714*=0x6f2f48) returned 0x0
[0202.700] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f2f48, GUID=0x6c3fd0*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x6c3fb8 | out: ppTInfo=0x6c3fb8*=0x6f4ad0) returned 0x0
[0202.700] IUnknown:Release (This=0x6f2f48) returned 0x3
[0202.701] IUnknown:AddRef (This=0x6f4ad0) returned 0x2
[0202.701] ITypeInfo:RemoteGetTypeAttr (in: This=0x6f4ad0, ppTypeAttr=0x19e750, pDummy=0x9216d2cf | out: ppTypeAttr=0x19e750, pDummy=0x9216d2cf) returned 0x0
[0202.796] ITypeInfo:LocalReleaseTypeAttr (This=0x6f4ad0) returned 0x0
[0202.796] IUnknown:Release (This=0x6f4ad0) returned 0x1
[0202.796] CoGetContextToken (in: pToken=0x19e2a8 | out: pToken=0x19e2a8) returned 0x0
[0202.796] CoGetContextToken (in: pToken=0x19e6b0 | out: pToken=0x19e6b0) returned 0x0
[0202.797] CoGetContextToken (in: pToken=0x19f2a8 | out: pToken=0x19f2a8) returned 0x0
[0202.797] CoGetContextToken (in: pToken=0x19f208 | out: pToken=0x19f208) returned 0x0
[0202.799] CoGetContextToken (in: pToken=0x19f220 | out: pToken=0x19f220) returned 0x0
[0202.799] LoadRegTypeLib (in: rguid=0x69bb2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f210*=0x0 | out: pptlib=0x19f210*=0x6f2f48) returned 0x0
[0202.800] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f2f48, GUID=0x6c3fc0*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x6c3fb4 | out: ppTInfo=0x6c3fb4*=0x6f4a78) returned 0x0
[0202.800] IUnknown:Release (This=0x6f2f48) returned 0x4
[0202.800] IUnknown:AddRef (This=0x6f4a78) returned 0x2
[0202.800] ITypeInfo:LocalInvoke (This=0x6f4a78) returned 0x0
[0202.801] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0202.801] GetCurrentThreadId () returned 0x1318
[0202.801] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6eec88
[0202.801] IUnknown:Release (This=0x6f4a78) returned 0x1
[0202.801] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0203.700] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x6bd230
[0203.704] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x6bdb38
[0203.804] CoGetContextToken (in: pToken=0x19ef58 | out: pToken=0x19ef58) returned 0x0
[0203.897] CoGetContextToken (in: pToken=0x19ea50 | out: pToken=0x19ea50) returned 0x0
[0203.897] IUnknown:AddRef (This=0x6f4a78) returned 0x2
[0203.897] ITypeInfo:LocalInvoke (This=0x6f4a78) returned 0x0
[0203.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.897] GetCurrentThreadId () returned 0x1318
[0203.897] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.897] GetCurrentThreadId () returned 0x1318
[0203.898] IUnknown:AddRef (This=0x6f5eb0) returned 0x3
[0203.898] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.898] GetCurrentThreadId () returned 0x1318
[0203.898] IEnumWbemClassObject:Clone (in: This=0x6f5eb0, ppEnum=0x19ea80 | out: ppEnum=0x19ea80*=0x703278) returned 0x0
[0203.924] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6f96f8
[0203.925] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6fa178
[0203.925] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6f9e18
[0203.925] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9cd8
[0203.925] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6dfed8
[0203.925] IUnknown:QueryInterface (in: This=0x703278, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x70327c) returned 0x0
[0203.926] IClientSecurity:QueryBlanket (in: This=0x70327c, pProxy=0x703278, pAuthnSvc=0x19e918, pAuthzSvc=0x19e920, pServerPrincName=0x0, pAuthnLevel=0x19e954, pImpLevel=0x19e958, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e918*=0xa, pAuthzSvc=0x19e920*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e954*=0x6, pImpLevel=0x19e958*=0x2, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x1) returned 0x0
[0203.926] IUnknown:Release (This=0x70327c) returned 0x1
[0203.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.926] GetCurrentThreadId () returned 0x1318
[0203.926] IUnknown:QueryInterface (in: This=0x6f5eb0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x6f5eb4) returned 0x0
[0203.926] IClientSecurity:QueryBlanket (in: This=0x6f5eb4, pProxy=0x6f5eb0, pAuthnSvc=0x19e904, pAuthzSvc=0x19e908, pServerPrincName=0x0, pAuthnLevel=0x19e914, pImpLevel=0x19e918, pAuthInfo=0x0, pCapabilites=0x19e90c | out: pAuthnSvc=0x19e904*=0xa, pAuthzSvc=0x19e908*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e914*=0x6, pImpLevel=0x19e918*=0x3, pAuthInfo=0x0, pCapabilites=0x19e90c*=0x20) returned 0x0
[0203.926] IUnknown:Release (This=0x6f5eb4) returned 0x3
[0203.926] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.926] GetCurrentThreadId () returned 0x1318
[0203.927] IUnknown:QueryInterface (in: This=0x6f5eb0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x6f5eb4) returned 0x0
[0203.927] IClientSecurity:QueryBlanket (in: This=0x6f5eb4, pProxy=0x6f5eb0, pAuthnSvc=0x19e904, pAuthzSvc=0x19e908, pServerPrincName=0x0, pAuthnLevel=0x19e918, pImpLevel=0x19e914, pAuthInfo=0x0, pCapabilites=0x19e90c | out: pAuthnSvc=0x19e904*=0xa, pAuthzSvc=0x19e908*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e918*=0x6, pImpLevel=0x19e914*=0x3, pAuthInfo=0x0, pCapabilites=0x19e90c*=0x20) returned 0x0
[0203.927] IUnknown:Release (This=0x6f5eb4) returned 0x3
[0203.927] IUnknown:QueryInterface (in: This=0x703278, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e94c | out: ppvObject=0x19e94c*=0x70327c) returned 0x0
[0203.927] IClientSecurity:CopyProxy (in: This=0x70327c, pProxy=0x703278, ppCopy=0x19e950 | out: ppCopy=0x19e950*=0x7037f0) returned 0x0
[0203.927] IUnknown:QueryInterface (in: This=0x7037f0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x7037f4) returned 0x0
[0203.927] IClientSecurity:QueryBlanket (in: This=0x7037f4, pProxy=0x7037f0, pAuthnSvc=0x19e8d4, pAuthzSvc=0x19e8d0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8d4*=0xa, pAuthzSvc=0x19e8d0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0203.927] IUnknown:Release (This=0x7037f4) returned 0x3
[0203.927] IUnknown:QueryInterface (in: This=0x7037f0, riid=0x69bb1f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e888 | out: ppvObject=0x19e888*=0x6d9740) returned 0x0
[0203.927] IUnknown:QueryInterface (in: This=0x7037f0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x7037f4) returned 0x0
[0203.927] IClientSecurity:SetBlanket (This=0x7037f4, pProxy=0x7037f0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0203.935] IUnknown:Release (This=0x7037f4) returned 0x4
[0203.935] WbemLocator:IUnknown:Release (This=0x6d9740) returned 0x3
[0203.935] IUnknown:Release (This=0x70327c) returned 0x2
[0203.935] IUnknown:AddRef (This=0x7037f0) returned 0x3
[0203.936] IUnknown:Release (This=0x703278) returned 0x2
[0203.936] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea40 | out: pperrinfo=0x19ea40*=0x0) returned 0x1
[0203.936] IUnknown:Release (This=0x6f5eb0) returned 0x2
[0203.936] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.936] GetCurrentThreadId () returned 0x1318
[0203.936] IUnknown:AddRef (This=0x7037f0) returned 0x3
[0203.936] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0203.936] GetCurrentThreadId () returned 0x1318
[0203.936] IEnumWbemClassObject:Reset (This=0x7037f0) returned 0x0
[0203.941] IUnknown:Release (This=0x7037f0) returned 0x2
[0203.941] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6eebc8
[0203.941] IUnknown:Release (This=0x6f4a78) returned 0x1
[0203.978] CoGetContextToken (in: pToken=0x19e230 | out: pToken=0x19e230) returned 0x0
[0203.978] CoGetContextToken (in: pToken=0x19e638 | out: pToken=0x19e638) returned 0x0
[0204.056] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0
[0204.056] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0204.056] GetCurrentThreadId () returned 0x1318
[0204.056] IUnknown:AddRef (This=0x7037f0) returned 0x3
[0204.057] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0204.057] GetCurrentThreadId () returned 0x1318
[0204.057] IEnumWbemClassObject:Next (in: This=0x7037f0, lTimeout=-1, uCount=0x1, apObjects=0x19f3b4, puReturned=0x19f394 | out: apObjects=0x19f3b4*=0x707070, puReturned=0x19f394*=0x1) returned 0x0
[0204.102] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6ef450
[0204.102] IUnknown:AddRef (This=0x707070) returned 0x2
[0204.102] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6b4d00
[0204.102] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6f99f8
[0204.102] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6f9e78
[0204.102] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9c58
[0204.102] WbemLocator:IUnknown:AddRef (This=0x6ee250) returned 0x3
[0204.102] IUnknown:AddRef (This=0x7037f0) returned 0x4
[0204.102] IUnknown:QueryInterface (in: This=0x7037f0, riid=0x69bb1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3e0 | out: ppvObject=0x19f3e0*=0x7037f4) returned 0x0
[0204.103] IClientSecurity:QueryBlanket (in: This=0x7037f4, pProxy=0x7037f0, pAuthnSvc=0x19f364, pAuthzSvc=0x19f36c, pServerPrincName=0x0, pAuthnLevel=0x19f390, pImpLevel=0x19f39c, pAuthInfo=0x0, pCapabilites=0x19f360 | out: pAuthnSvc=0x19f364*=0xa, pAuthzSvc=0x19f36c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f390*=0x6, pImpLevel=0x19f39c*=0x3, pAuthInfo=0x0, pCapabilites=0x19f360*=0x20) returned 0x0
[0204.103] IUnknown:Release (This=0x7037f4) returned 0x4
[0204.103] WbemLocator:IUnknown:Release (This=0x6ee250) returned 0x2
[0204.103] WbemLocator:IUnknown:AddRef (This=0x6ee250) returned 0x3
[0204.103] IUnknown:Release (This=0x7037f0) returned 0x3
[0204.103] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0204.103] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6f6250
[0204.103] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6e9f58
[0204.103] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x701038
[0204.103] IUnknown:AddRef (This=0x707070) returned 0x3
[0204.103] IUnknown:Release (This=0x707070) returned 0x2
[0204.103] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f32c | out: pperrinfo=0x19f32c*=0x0) returned 0x1
[0204.103] IUnknown:Release (This=0x7037f0) returned 0x2
[0204.104] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3e4 | out: pperrinfo=0x19f3e4*=0x0) returned 0x1
[0204.105] LoadRegTypeLib (in: rguid=0x69bb2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb8c*=0x0 | out: pptlib=0x19eb8c*=0x6f2f48) returned 0x0
[0204.106] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f2f48, GUID=0x69bb4c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x6f626c | out: ppTInfo=0x6f626c*=0x6f4afc) returned 0x0
[0204.106] IUnknown:Release (This=0x6f2f48) returned 0x5
[0204.106] IUnknown:AddRef (This=0x6f4afc) returned 0x2
[0204.106] ITypeInfo:RemoteGetTypeAttr (in: This=0x6f4afc, ppTypeAttr=0x19ebc8, pDummy=0x9216de57 | out: ppTypeAttr=0x19ebc8, pDummy=0x9216de57) returned 0x0
[0204.107] ITypeInfo:LocalReleaseTypeAttr (This=0x6f4afc) returned 0x0
[0204.107] IUnknown:Release (This=0x6f4afc) returned 0x1
[0204.108] CoGetContextToken (in: pToken=0x19e720 | out: pToken=0x19e720) returned 0x0
[0204.108] CoGetContextToken (in: pToken=0x19eb28 | out: pToken=0x19eb28) returned 0x0
[0204.112] CoGetContextToken (in: pToken=0x19eee8 | out: pToken=0x19eee8) returned 0x0
[0204.112] LoadRegTypeLib (in: rguid=0x69bb2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eed8*=0x0 | out: pptlib=0x19eed8*=0x6f2f48) returned 0x0
[0204.113] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f2f48, GUID=0x69bb1e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x6f6268 | out: ppTInfo=0x6f6268*=0x6f4b28) returned 0x0
[0204.114] IUnknown:Release (This=0x6f2f48) returned 0x6
[0204.114] IUnknown:AddRef (This=0x6f4b28) returned 0x2
[0204.114] DispGetIDsOfNames (in: ptinfo=0x6f4b28, rgszNames=0x19ef60*="SerialNumber", cNames=0x1, rgdispid=0x19ef50 | out: rgdispid=0x19ef50*=-1) returned 0x80020006
[0204.176] IUnknown:AddRef (This=0x707070) returned 0x3
[0204.176] IWbemClassObject:Get (in: This=0x707070, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0) returned 0x0
[0204.176] IUnknown:Release (This=0x707070) returned 0x2
[0204.176] SysStringLen (param_1="SerialNumber") returned 0xc
[0204.176] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x700f98
[0204.176] SysStringLen (param_1="SerialNumber") returned 0xc
[0204.176] IUnknown:Release (This=0x6f4b28) returned 0x1
[0204.176] IUnknown:AddRef (This=0x6f4b28) returned 0x2
[0204.176] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0204.176] GetCurrentThreadId () returned 0x1318
[0204.177] SysStringLen (param_1="SerialNumber") returned 0xc
[0204.177] IWbemClassObject:Get (in: This=0x707070, wszName="SerialNumber", lFlags=0, pVal=0x19ecd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ecd0*=1699124, plFlavor=0x0 | out: pVal=0x19ecd8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ecd0*=8, plFlavor=0x0) returned 0x0
[0204.178] IUnknown:Release (This=0x6f4b28) returned 0x1
[0204.179] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20
[0204.179] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20
[0204.349] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0
[0204.349] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0204.349] GetCurrentThreadId () returned 0x1318
[0204.349] IUnknown:AddRef (This=0x7037f0) returned 0x3
[0204.349] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0204.349] GetCurrentThreadId () returned 0x1318
[0204.350] IEnumWbemClassObject:Next (in: This=0x7037f0, lTimeout=-1, uCount=0x1, apObjects=0x19f3b4, puReturned=0x19f394 | out: apObjects=0x19f3b4*=0x0, puReturned=0x19f394*=0x0) returned 0x1
[0204.436] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f32c | out: pperrinfo=0x19f32c*=0x0) returned 0x1
[0204.436] IUnknown:Release (This=0x7037f0) returned 0x2
[0204.436] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3e4 | out: pperrinfo=0x19f3e4*=0x0) returned 0x1
[0204.654] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3bc
[0204.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3cc
[0204.714] SetEvent (hEvent=0x3cc) returned 1
[0204.744] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3bc*=0x3bc, lpdwindex=0x19f1dc | out: lpdwindex=0x19f1dc) returned 0x0
[0204.745] CoGetContextToken (in: pToken=0x19f288 | out: pToken=0x19f288) returned 0x0
[0204.745] CoGetContextToken (in: pToken=0x19f1e8 | out: pToken=0x19f1e8) returned 0x0
[0204.745] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x19f2b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2b4 | out: ppvObject=0x19f2b4*=0x707e90) returned 0x0
[0204.745] WbemDefPath:IUnknown:AddRef (This=0x707e90) returned 0x3
[0204.745] WbemDefPath:IUnknown:Release (This=0x707e90) returned 0x2
[0204.748] WbemDefPath:IWbemPath:SetText (This=0x707e90, uMode=0x4, pszPath="win32_processor") returned 0x0
[0204.751] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x707e90, puCount=0x19f43c | out: puCount=0x19f43c*=0x0) returned 0x0
[0204.751] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f438*=0x0, pszText=0x0 | out: puBuffLength=0x19f438*=0x10, pszText=0x0) returned 0x0
[0204.751] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f438*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f438*=0x10, pszText="win32_processor") returned 0x0
[0204.752] WbemDefPath:IWbemPath:GetInfo (in: This=0x707e90, uRequestedInfo=0x0, puResponse=0x19f444 | out: puResponse=0x19f444*=0xc15) returned 0x0
[0204.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x707e90, puCount=0x19f43c | out: puCount=0x19f43c*=0x0) returned 0x0
[0204.752] WbemDefPath:IWbemPath:GetInfo (in: This=0x707e90, uRequestedInfo=0x0, puResponse=0x19f444 | out: puResponse=0x19f444*=0xc15) returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x707e90, puCount=0x19f42c | out: puCount=0x19f42c*=0x0) returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f428*=0x0, pszText=0x0 | out: puBuffLength=0x19f428*=0x10, pszText=0x0) returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f428*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f428*=0x10, pszText="win32_processor") returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x707e90, puCount=0x19f42c | out: puCount=0x19f42c*=0x0) returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f428*=0x0, pszText=0x0 | out: puBuffLength=0x19f428*=0x10, pszText=0x0) returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f428*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f428*=0x10, pszText="win32_processor") returned 0x0
[0204.753] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x707e90, puCount=0x19f3bc | out: puCount=0x19f3bc*=0x0) returned 0x0
[0204.754] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
[0204.754] SetEvent (hEvent=0x3cc) returned 1
[0204.754] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec14*=0x3f4, lpdwindex=0x19ea34 | out: lpdwindex=0x19ea34) returned 0x0
[0204.794] CoGetContextToken (in: pToken=0x19eae0 | out: pToken=0x19eae0) returned 0x0
[0204.794] CoGetContextToken (in: pToken=0x19ea40 | out: pToken=0x19ea40) returned 0x0
[0204.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x19eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb0c | out: ppvObject=0x19eb0c*=0x6b4d70) returned 0x0
[0204.794] WbemDefPath:IUnknown:AddRef (This=0x6b4d70) returned 0x3
[0204.794] WbemDefPath:IUnknown:Release (This=0x6b4d70) returned 0x2
[0204.794] WbemDefPath:IWbemPath:SetText (This=0x6b4d70, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
[0204.794] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6b4d70, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x2) returned 0x0
[0204.794] WbemDefPath:IWbemPath:GetText (in: This=0x6b4d70, lFlags=4, puBuffLength=0x19f3a4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a4*=0xf, pszText=0x0) returned 0x0
[0204.795] WbemDefPath:IWbemPath:GetText (in: This=0x6b4d70, lFlags=4, puBuffLength=0x19f3a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0204.795] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f8
[0204.795] SetEvent (hEvent=0x3cc) returned 1
[0204.795] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f304*=0x3f8, lpdwindex=0x19f124 | out: lpdwindex=0x19f124) returned 0x0
[0204.797] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0
[0204.797] CoGetContextToken (in: pToken=0x19f130 | out: pToken=0x19f130) returned 0x0
[0204.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x19f200*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x70a8d8) returned 0x0
[0204.797] WbemDefPath:IUnknown:AddRef (This=0x70a8d8) returned 0x3
[0204.797] WbemDefPath:IUnknown:Release (This=0x70a8d8) returned 0x2
[0204.797] WbemDefPath:IWbemPath:SetText (This=0x70a8d8, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0
[0204.797] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x70a8d8, puCount=0x19f380 | out: puCount=0x19f380*=0x2) returned 0x0
[0204.797] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=4, puBuffLength=0x19f37c*=0x0, pszText=0x0 | out: puBuffLength=0x19f37c*=0xf, pszText=0x0) returned 0x0
[0204.797] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=4, puBuffLength=0x19f37c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f37c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0204.844] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2a0*=0x410, lpdwindex=0x19f154 | out: lpdwindex=0x19f154) returned 0x0
[0207.503] CoGetContextToken (in: pToken=0x19f098 | out: pToken=0x19f098) returned 0x0
[0207.503] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0
[0207.503] IUnknown:QueryInterface (in: This=0x6b0138, riid=0x6f1cda0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f01c | out: ppvObject=0x19f01c*=0x6b0148) returned 0x0
[0207.504] CObjectContext::ContextCallback () returned 0x0
[0207.640] IUnknown:Release (This=0x6b0148) returned 0x1
[0207.641] CoUnmarshalInterface (in: pStm=0x6e9f18, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f08c | out: ppv=0x19f08c*=0x6d9440) returned 0x0
[0207.641] CoMarshalInterface (pStm=0x6e9f18, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6d9440, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0207.642] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x6d9440) returned 0x0
[0207.642] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eee8 | out: ppvObject=0x19eee8*=0x0) returned 0x80004002
[0207.642] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f259bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed04 | out: ppvObject=0x19ed04*=0x0) returned 0x80004002
[0207.643] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eadc | out: ppvObject=0x19eadc*=0x0) returned 0x80004002
[0207.644] WbemLocator:IUnknown:AddRef (This=0x6d9440) returned 0x3
[0207.644] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e83c | out: ppvObject=0x19e83c*=0x0) returned 0x80004002
[0207.644] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7ec | out: ppvObject=0x19e7ec*=0x0) returned 0x80004002
[0207.644] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f8 | out: ppvObject=0x19e7f8*=0x6d939c) returned 0x0
[0207.644] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6d939c, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e800 | out: pCid=0x19e800*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0207.644] WbemLocator:IUnknown:Release (This=0x6d939c) returned 0x3
[0207.644] CoGetContextToken (in: pToken=0x19e858 | out: pToken=0x19e858) returned 0x0
[0207.645] CoGetContextToken (in: pToken=0x19ec60 | out: pToken=0x19ec60) returned 0x0
[0207.645] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecec | out: ppvObject=0x19ecec*=0x6d9424) returned 0x0
[0207.645] WbemLocator:IRpcOptions:Query (in: This=0x6d9424, pPrx=0x6d9440, dwProperty=2, pdwValue=0x19ecf8 | out: pdwValue=0x19ecf8) returned 0x0
[0207.645] WbemLocator:IUnknown:Release (This=0x6d9424) returned 0x3
[0207.645] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x2
[0207.645] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x1
[0207.645] CoGetContextToken (in: pToken=0x19efd8 | out: pToken=0x19efd8) returned 0x0
[0207.645] WbemLocator:IUnknown:AddRef (This=0x6d9440) returned 0x2
[0207.645] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x6d941c) returned 0x0
[0207.646] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d941c, pProxy=0x6d9440, pAuthnSvc=0x19f2e0, pAuthzSvc=0x19f2dc, pServerPrincName=0x19f2d4, pAuthnLevel=0x19f2d8, pImpLevel=0x19f2c8, pAuthInfo=0x19f2cc, pCapabilites=0x19f2d0 | out: pAuthnSvc=0x19f2e0*=0xa, pAuthzSvc=0x19f2dc*=0x0, pServerPrincName=0x19f2d4, pAuthnLevel=0x19f2d8*=0x6, pImpLevel=0x19f2c8*=0x2, pAuthInfo=0x19f2cc, pCapabilites=0x19f2d0*=0x1) returned 0x0
[0207.646] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x2
[0207.646] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x6d9440) returned 0x0
[0207.646] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x6d941c) returned 0x0
[0207.646] WbemLocator:IClientSecurity:SetBlanket (This=0x6d941c, pProxy=0x6d9440, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0207.646] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x3
[0207.646] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x2
[0207.646] CoTaskMemFree (pv=0x710cd8)
[0207.646] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x1
[0207.646] SysStringLen (param_1=0x0) returned 0x0
[0207.647] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0
[0207.647] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0
[0207.647] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x19f280*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x6ee520) returned 0x0
[0207.647] WbemLocator:IUnknown:AddRef (This=0x6ee520) returned 0x3
[0207.647] WbemLocator:IUnknown:Release (This=0x6ee520) returned 0x2
[0207.647] CoGetContextToken (in: pToken=0x19f210 | out: pToken=0x19f210) returned 0x0
[0207.647] WbemLocator:IUnknown:AddRef (This=0x6ee520) returned 0x3
[0207.648] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee520, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x6d941c) returned 0x0
[0207.648] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d941c, pProxy=0x6ee520, pAuthnSvc=0x19f2e0, pAuthzSvc=0x19f2dc, pServerPrincName=0x19f2d4, pAuthnLevel=0x19f2d8, pImpLevel=0x19f2c8, pAuthInfo=0x19f2cc, pCapabilites=0x19f2d0 | out: pAuthnSvc=0x19f2e0*=0xa, pAuthzSvc=0x19f2dc*=0x0, pServerPrincName=0x19f2d4, pAuthnLevel=0x19f2d8*=0x6, pImpLevel=0x19f2c8*=0x2, pAuthInfo=0x19f2cc, pCapabilites=0x19f2d0*=0x1) returned 0x0
[0207.648] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x3
[0207.648] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee520, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x6d9440) returned 0x0
[0207.648] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee520, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x6d941c) returned 0x0
[0207.648] WbemLocator:IClientSecurity:SetBlanket (This=0x6d941c, pProxy=0x6ee520, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0207.648] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x4
[0207.648] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x3
[0207.648] CoTaskMemFree (pv=0x710c48)
[0207.648] WbemLocator:IUnknown:Release (This=0x6ee520) returned 0x2
[0207.648] SysStringLen (param_1=0x0) returned 0x0
[0207.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x70a8d8, puCount=0x19f3a4 | out: puCount=0x19f3a4*=0x2) returned 0x0
[0207.649] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=4, puBuffLength=0x19f3a0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a0*=0xf, pszText=0x0) returned 0x0
[0207.649] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=4, puBuffLength=0x19f3a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0207.649] CoGetContextToken (in: pToken=0x19f010 | out: pToken=0x19f010) returned 0x0
[0207.649] CoUnmarshalInterface (in: pStm=0x6e9f18, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f004 | out: ppv=0x19f004*=0x6d9440) returned 0x0
[0207.649] CoMarshalInterface (pStm=0x6e9f18, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6d9440, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0207.650] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eea4 | out: ppvObject=0x19eea4*=0x6d9440) returned 0x0
[0207.650] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x3
[0207.650] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x2
[0207.650] CoGetContextToken (in: pToken=0x19ef50 | out: pToken=0x19ef50) returned 0x0
[0207.650] WbemLocator:IUnknown:AddRef (This=0x6d9440) returned 0x3
[0207.650] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f208 | out: ppvObject=0x19f208*=0x6d941c) returned 0x0
[0207.650] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d941c, pProxy=0x6d9440, pAuthnSvc=0x19f258, pAuthzSvc=0x19f254, pServerPrincName=0x19f24c, pAuthnLevel=0x19f250, pImpLevel=0x19f240, pAuthInfo=0x19f244, pCapabilites=0x19f248 | out: pAuthnSvc=0x19f258*=0xa, pAuthzSvc=0x19f254*=0x0, pServerPrincName=0x19f24c, pAuthnLevel=0x19f250*=0x6, pImpLevel=0x19f240*=0x3, pAuthInfo=0x19f244, pCapabilites=0x19f248*=0x20) returned 0x0
[0207.650] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x3
[0207.650] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x6d9440) returned 0x0
[0207.650] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9440, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x6d941c) returned 0x0
[0207.650] WbemLocator:IClientSecurity:SetBlanket (This=0x6d941c, pProxy=0x6d9440, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0207.651] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x4
[0207.651] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x3
[0207.651] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x2
[0207.651] SysStringLen (param_1=0x0) returned 0x0
[0207.651] CoGetContextToken (in: pToken=0x19f1c8 | out: pToken=0x19f1c8) returned 0x0
[0207.651] WbemLocator:IUnknown:AddRef (This=0x6ee520) returned 0x3
[0207.651] WbemLocator:IUnknown:Release (This=0x6ee520) returned 0x2
[0207.651] CoGetContextToken (in: pToken=0x19f188 | out: pToken=0x19f188) returned 0x0
[0207.651] WbemLocator:IUnknown:AddRef (This=0x6ee520) returned 0x3
[0207.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee520, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f208 | out: ppvObject=0x19f208*=0x6d941c) returned 0x0
[0207.651] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d941c, pProxy=0x6ee520, pAuthnSvc=0x19f258, pAuthzSvc=0x19f254, pServerPrincName=0x19f24c, pAuthnLevel=0x19f250, pImpLevel=0x19f240, pAuthInfo=0x19f244, pCapabilites=0x19f248 | out: pAuthnSvc=0x19f258*=0xa, pAuthzSvc=0x19f254*=0x0, pServerPrincName=0x19f24c, pAuthnLevel=0x19f250*=0x6, pImpLevel=0x19f240*=0x3, pAuthInfo=0x19f244, pCapabilites=0x19f248*=0x20) returned 0x0
[0207.651] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x3
[0207.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee520, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x6d9440) returned 0x0
[0207.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee520, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x6d941c) returned 0x0
[0207.651] WbemLocator:IClientSecurity:SetBlanket (This=0x6d941c, pProxy=0x6ee520, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0207.652] WbemLocator:IUnknown:Release (This=0x6d941c) returned 0x4
[0207.652] WbemLocator:IUnknown:Release (This=0x6d9440) returned 0x3
[0207.652] WbemLocator:IUnknown:Release (This=0x6ee520) returned 0x2
[0207.652] SysStringLen (param_1=0x0) returned 0x0
[0207.652] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a8*=0x10, pszText=0x0) returned 0x0
[0207.652] WbemDefPath:IWbemPath:GetText (in: This=0x707e90, lFlags=2, puBuffLength=0x19f3a8*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f3a8*=0x10, pszText="win32_processor") returned 0x0
[0207.842] IWbemServices:GetObject (in: This=0x6ee520, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f35c*=0x0, ppCallResult=0x0 | out: ppObject=0x19f35c*=0x710778, ppCallResult=0x0) returned 0x0
[0207.942] IWbemClassObject:Get (in: This=0x710778, wszName="__PATH", lFlags=0, pVal=0x19f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3ec*=0, plFlavor=0x19f3e8*=0 | out: pVal=0x19f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3ec*=8, plFlavor=0x19f3e8*=64) returned 0x0
[0207.946] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46
[0207.946] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46
[0207.947] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
[0207.947] SetEvent (hEvent=0x3cc) returned 1
[0207.947] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f300*=0x448, lpdwindex=0x19f11c | out: lpdwindex=0x19f11c) returned 0x0
[0207.951] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0
[0207.951] CoGetContextToken (in: pToken=0x19f130 | out: pToken=0x19f130) returned 0x0
[0207.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x19f200*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x70efa0) returned 0x0
[0207.951] WbemDefPath:IUnknown:AddRef (This=0x70efa0) returned 0x3
[0207.951] WbemDefPath:IUnknown:Release (This=0x70efa0) returned 0x2
[0207.951] WbemDefPath:IWbemPath:SetText (This=0x70efa0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0
[0207.951] IWbemClassObject:Get (in: This=0x710778, wszName="__CLASS", lFlags=0, pVal=0x19f3b4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f434*=0, plFlavor=0x19f430*=0 | out: pVal=0x19f3b4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f434*=8, plFlavor=0x19f430*=64) returned 0x0
[0207.952] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0207.952] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0207.952] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0
[0207.952] WbemLocator:IUnknown:AddRef (This=0x6ee520) returned 0x3
[0207.952] IWbemServices:CreateInstanceEnum (in: This=0x6ee520, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f3b0 | out: ppEnum=0x19f3b0*=0x702f58) returned 0x0
[0208.066] IUnknown:QueryInterface (in: This=0x702f58, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f23c | out: ppvObject=0x19f23c*=0x702f5c) returned 0x0
[0208.067] IClientSecurity:QueryBlanket (in: This=0x702f5c, pProxy=0x702f58, pAuthnSvc=0x19f28c, pAuthzSvc=0x19f288, pServerPrincName=0x19f280, pAuthnLevel=0x19f284, pImpLevel=0x19f274, pAuthInfo=0x19f278, pCapabilites=0x19f27c | out: pAuthnSvc=0x19f28c*=0xa, pAuthzSvc=0x19f288*=0x0, pServerPrincName=0x19f280, pAuthnLevel=0x19f284*=0x6, pImpLevel=0x19f274*=0x2, pAuthInfo=0x19f278, pCapabilites=0x19f27c*=0x1) returned 0x0
[0208.067] IUnknown:Release (This=0x702f5c) returned 0x1
[0208.067] IUnknown:QueryInterface (in: This=0x702f58, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f230 | out: ppvObject=0x19f230*=0x6d8440) returned 0x0
[0208.067] IUnknown:QueryInterface (in: This=0x702f58, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f21c | out: ppvObject=0x19f21c*=0x702f5c) returned 0x0
[0208.067] IClientSecurity:SetBlanket (This=0x702f5c, pProxy=0x702f58, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0208.248] IUnknown:Release (This=0x702f5c) returned 0x2
[0208.248] WbemLocator:IUnknown:Release (This=0x6d8440) returned 0x1
[0208.248] CoTaskMemFree (pv=0x710c48)
[0208.248] IUnknown:QueryInterface (in: This=0x702f58, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee24 | out: ppvObject=0x19ee24*=0x6d8440) returned 0x0
[0208.248] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ede0 | out: ppvObject=0x19ede0*=0x0) returned 0x80004002
[0208.409] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x6f259bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebfc | out: ppvObject=0x19ebfc*=0x0) returned 0x80004002
[0208.847] IUnknown:QueryInterface (in: This=0x702f58, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9d4 | out: ppvObject=0x19e9d4*=0x0) returned 0x80004002
[0209.489] WbemLocator:IUnknown:AddRef (This=0x6d8440) returned 0x3
[0209.489] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e734 | out: ppvObject=0x19e734*=0x0) returned 0x80004002
[0209.489] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6e4 | out: ppvObject=0x19e6e4*=0x0) returned 0x80004002
[0209.489] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f0 | out: ppvObject=0x19e6f0*=0x6d839c) returned 0x0
[0209.489] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6d839c, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6f8 | out: pCid=0x19e6f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0209.489] WbemLocator:IUnknown:Release (This=0x6d839c) returned 0x3
[0209.489] CoGetContextToken (in: pToken=0x19e750 | out: pToken=0x19e750) returned 0x0
[0209.489] CoGetContextToken (in: pToken=0x19eb58 | out: pToken=0x19eb58) returned 0x0
[0209.489] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebe4 | out: ppvObject=0x19ebe4*=0x6d8424) returned 0x0
[0209.490] WbemLocator:IRpcOptions:Query (in: This=0x6d8424, pPrx=0x6d8440, dwProperty=2, pdwValue=0x19ebf0 | out: pdwValue=0x19ebf0) returned 0x80004002
[0209.490] WbemLocator:IUnknown:Release (This=0x6d8424) returned 0x3
[0209.490] WbemLocator:IUnknown:Release (This=0x6d8440) returned 0x2
[0209.490] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0
[0209.490] CoGetContextToken (in: pToken=0x19f098 | out: pToken=0x19f098) returned 0x0
[0209.490] WbemLocator:IUnknown:QueryInterface (in: This=0x6d8440, riid=0x19f168*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f164 | out: ppvObject=0x19f164*=0x702f58) returned 0x0
[0209.490] IUnknown:AddRef (This=0x702f58) returned 0x4
[0209.490] IUnknown:Release (This=0x702f58) returned 0x3
[0209.490] IUnknown:Release (This=0x702f58) returned 0x2
[0209.490] WbemLocator:IUnknown:Release (This=0x6ee520) returned 0x2
[0209.490] SysStringLen (param_1=0x0) returned 0x0
[0209.491] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x70a8d8, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0
[0209.491] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0
[0209.491] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0209.491] CoGetContextToken (in: pToken=0x19f230 | out: pToken=0x19f230) returned 0x0
[0209.491] IUnknown:AddRef (This=0x702f58) returned 0x3
[0209.491] IEnumWbemClassObject:Clone (in: This=0x702f58, ppEnum=0x19f3ec | out: ppEnum=0x19f3ec*=0x703980) returned 0x0
[0209.624] IUnknown:QueryInterface (in: This=0x703980, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2a8 | out: ppvObject=0x19f2a8*=0x703984) returned 0x0
[0209.624] IClientSecurity:QueryBlanket (in: This=0x703984, pProxy=0x703980, pAuthnSvc=0x19f2f8, pAuthzSvc=0x19f2f4, pServerPrincName=0x19f2ec, pAuthnLevel=0x19f2f0, pImpLevel=0x19f2e0, pAuthInfo=0x19f2e4, pCapabilites=0x19f2e8 | out: pAuthnSvc=0x19f2f8*=0xa, pAuthzSvc=0x19f2f4*=0x0, pServerPrincName=0x19f2ec, pAuthnLevel=0x19f2f0*=0x6, pImpLevel=0x19f2e0*=0x2, pAuthInfo=0x19f2e4, pCapabilites=0x19f2e8*=0x1) returned 0x0
[0209.625] IUnknown:Release (This=0x703984) returned 0x1
[0209.625] IUnknown:QueryInterface (in: This=0x703980, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x6d9840) returned 0x0
[0209.625] IUnknown:QueryInterface (in: This=0x703980, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f288 | out: ppvObject=0x19f288*=0x703984) returned 0x0
[0209.625] IClientSecurity:SetBlanket (This=0x703984, pProxy=0x703980, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0211.162] IUnknown:Release (This=0x703984) returned 0x2
[0211.162] WbemLocator:IUnknown:Release (This=0x6d9840) returned 0x1
[0211.162] CoTaskMemFree (pv=0x710d98)
[0211.162] IUnknown:QueryInterface (in: This=0x703980, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee84 | out: ppvObject=0x19ee84*=0x6d9840) returned 0x0
[0211.163] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee40 | out: ppvObject=0x19ee40*=0x0) returned 0x80004002
[0211.573] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x6f259bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec5c | out: ppvObject=0x19ec5c*=0x0) returned 0x80004002
[0211.677] IUnknown:QueryInterface (in: This=0x703980, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea34 | out: ppvObject=0x19ea34*=0x0) returned 0x80004002
[0211.871] WbemLocator:IUnknown:AddRef (This=0x6d9840) returned 0x3
[0211.871] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002
[0211.871] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002
[0211.871] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x6d979c) returned 0x0
[0211.871] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6d979c, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e758 | out: pCid=0x19e758*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0211.871] WbemLocator:IUnknown:Release (This=0x6d979c) returned 0x3
[0211.871] CoGetContextToken (in: pToken=0x19e7b0 | out: pToken=0x19e7b0) returned 0x0
[0211.871] CoGetContextToken (in: pToken=0x19ebb8 | out: pToken=0x19ebb8) returned 0x0
[0211.871] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec44 | out: ppvObject=0x19ec44*=0x6d9824) returned 0x0
[0211.872] WbemLocator:IRpcOptions:Query (in: This=0x6d9824, pPrx=0x6d9840, dwProperty=2, pdwValue=0x19ec50 | out: pdwValue=0x19ec50) returned 0x80004002
[0211.872] WbemLocator:IUnknown:Release (This=0x6d9824) returned 0x3
[0211.872] WbemLocator:IUnknown:Release (This=0x6d9840) returned 0x2
[0211.872] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0
[0211.872] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0
[0211.872] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9840, riid=0x19f1c8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x703980) returned 0x0
[0211.872] IUnknown:AddRef (This=0x703980) returned 0x4
[0211.872] IUnknown:Release (This=0x703980) returned 0x3
[0211.872] IUnknown:Release (This=0x703980) returned 0x2
[0211.872] IUnknown:Release (This=0x702f58) returned 0x2
[0211.872] SysStringLen (param_1=0x0) returned 0x0
[0211.873] IEnumWbemClassObject:Reset (This=0x703980) returned 0x0
[0211.962] CoTaskMemAlloc (cb=0x4) returned 0x70b570
[0211.963] IEnumWbemClassObject:Next (This=0x703980, lTimeout=-1, uCount=0x1, apObjects=0x70b570, puReturned=0x2455074)
Thread:
id = 112
os_tid = 0x1314
Thread:
id = 113
os_tid = 0x10c8
Thread:
id = 114
os_tid = 0x6fc
[0193.599] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0193.599] RoInitialize () returned 0x1
[0193.599] RoUninitialize () returned 0x0
Thread:
id = 115
os_tid = 0xd5c
Thread:
id = 116
os_tid = 0x150
Thread:
id = 117
os_tid = 0x7bc
Thread:
id = 139
os_tid = 0xa1c
[0204.713] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.713] RoInitialize () returned 0x1
[0204.713] RoUninitialize () returned 0x0
[0204.737] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x4def5bc | out: lpiid=0x4def5bc) returned 0x0
[0204.740] CoGetClassObject (in: rclsid=0x6f643c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f234d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4def2c8 | out: ppv=0x4def2c8*=0x70b430) returned 0x0
[0204.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x70b430, riid=0x6f2179fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4def4e4 | out: ppvObject=0x4def4e4*=0x0) returned 0x80004002
[0204.741] WbemDefPath:IClassFactory:CreateInstance (in: This=0x70b430, pUnkOuter=0x0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def4f0 | out: ppvObject=0x4def4f0*=0x707e90) returned 0x0
[0204.742] WbemDefPath:IUnknown:Release (This=0x70b430) returned 0x0
[0204.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def114 | out: ppvObject=0x4def114*=0x707e90) returned 0x0
[0204.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4def0d0 | out: ppvObject=0x4def0d0*=0x0) returned 0x80004002
[0204.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4deecc4 | out: ppvObject=0x4deecc4*=0x0) returned 0x80004002
[0204.742] WbemDefPath:IUnknown:AddRef (This=0x707e90) returned 0x3
[0204.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4deea24 | out: ppvObject=0x4deea24*=0x0) returned 0x80004002
[0204.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4dee9d4 | out: ppvObject=0x4dee9d4*=0x0) returned 0x80004002
[0204.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4dee9e0 | out: ppvObject=0x4dee9e0*=0x70b218) returned 0x0
[0204.742] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x70b218, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4dee9e8 | out: pCid=0x4dee9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0204.742] WbemDefPath:IUnknown:Release (This=0x70b218) returned 0x3
[0204.742] CoGetContextToken (in: pToken=0x4deea40 | out: pToken=0x4deea40) returned 0x0
[0204.744] CoGetContextToken (in: pToken=0x4deee48 | out: pToken=0x4deee48) returned 0x0
[0204.744] WbemDefPath:IUnknown:QueryInterface (in: This=0x707e90, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4deeed4 | out: ppvObject=0x4deeed4*=0x0) returned 0x80004002
[0204.744] WbemDefPath:IUnknown:Release (This=0x707e90) returned 0x2
[0204.744] WbemDefPath:IUnknown:Release (This=0x707e90) returned 0x1
[0204.744] SetEvent (hEvent=0x3bc) returned 1
[0204.791] CoGetClassObject (in: rclsid=0x6f643c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f234d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4def2c8 | out: ppv=0x4def2c8*=0x70b4b0) returned 0x0
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x70b4b0, riid=0x6f2179fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4def4e4 | out: ppvObject=0x4def4e4*=0x0) returned 0x80004002
[0204.792] WbemDefPath:IClassFactory:CreateInstance (in: This=0x70b4b0, pUnkOuter=0x0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def4f0 | out: ppvObject=0x4def4f0*=0x6b4d70) returned 0x0
[0204.792] WbemDefPath:IUnknown:Release (This=0x70b4b0) returned 0x0
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def114 | out: ppvObject=0x4def114*=0x6b4d70) returned 0x0
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4def0d0 | out: ppvObject=0x4def0d0*=0x0) returned 0x80004002
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4deecc4 | out: ppvObject=0x4deecc4*=0x0) returned 0x80004002
[0204.792] WbemDefPath:IUnknown:AddRef (This=0x6b4d70) returned 0x3
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4deea24 | out: ppvObject=0x4deea24*=0x0) returned 0x80004002
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4dee9d4 | out: ppvObject=0x4dee9d4*=0x0) returned 0x80004002
[0204.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4dee9e0 | out: ppvObject=0x4dee9e0*=0x70aab0) returned 0x0
[0204.793] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x70aab0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4dee9e8 | out: pCid=0x4dee9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0204.793] WbemDefPath:IUnknown:Release (This=0x70aab0) returned 0x3
[0204.793] CoGetContextToken (in: pToken=0x4deea40 | out: pToken=0x4deea40) returned 0x0
[0204.793] CoGetContextToken (in: pToken=0x4deee48 | out: pToken=0x4deee48) returned 0x0
[0204.793] WbemDefPath:IUnknown:QueryInterface (in: This=0x6b4d70, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4deeed4 | out: ppvObject=0x4deeed4*=0x0) returned 0x80004002
[0204.793] WbemDefPath:IUnknown:Release (This=0x6b4d70) returned 0x2
[0204.793] WbemDefPath:IUnknown:Release (This=0x6b4d70) returned 0x1
[0204.793] SetEvent (hEvent=0x3f4) returned 1
[0204.796] CoGetClassObject (in: rclsid=0x6f643c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f234d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4def2c8 | out: ppv=0x4def2c8*=0x70b530) returned 0x0
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70b530, riid=0x6f2179fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4def4e4 | out: ppvObject=0x4def4e4*=0x0) returned 0x80004002
[0204.796] WbemDefPath:IClassFactory:CreateInstance (in: This=0x70b530, pUnkOuter=0x0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def4f0 | out: ppvObject=0x4def4f0*=0x70a8d8) returned 0x0
[0204.796] WbemDefPath:IUnknown:Release (This=0x70b530) returned 0x0
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def114 | out: ppvObject=0x4def114*=0x70a8d8) returned 0x0
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4def0d0 | out: ppvObject=0x4def0d0*=0x0) returned 0x80004002
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4deecc4 | out: ppvObject=0x4deecc4*=0x0) returned 0x80004002
[0204.796] WbemDefPath:IUnknown:AddRef (This=0x70a8d8) returned 0x3
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4deea24 | out: ppvObject=0x4deea24*=0x0) returned 0x80004002
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4dee9d4 | out: ppvObject=0x4dee9d4*=0x0) returned 0x80004002
[0204.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4dee9e0 | out: ppvObject=0x4dee9e0*=0x70ac00) returned 0x0
[0204.796] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x70ac00, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4dee9e8 | out: pCid=0x4dee9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0204.796] WbemDefPath:IUnknown:Release (This=0x70ac00) returned 0x3
[0204.796] CoGetContextToken (in: pToken=0x4deea40 | out: pToken=0x4deea40) returned 0x0
[0204.797] CoGetContextToken (in: pToken=0x4deee48 | out: pToken=0x4deee48) returned 0x0
[0204.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x70a8d8, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4deeed4 | out: ppvObject=0x4deeed4*=0x0) returned 0x80004002
[0204.797] WbemDefPath:IUnknown:Release (This=0x70a8d8) returned 0x2
[0204.797] WbemDefPath:IUnknown:Release (This=0x70a8d8) returned 0x1
[0204.797] SetEvent (hEvent=0x3f8) returned 1
[0207.949] CoGetClassObject (in: rclsid=0x6f643c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f234d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4def2c8 | out: ppv=0x4def2c8*=0x70b440) returned 0x0
[0207.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x70b440, riid=0x6f2179fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4def4e4 | out: ppvObject=0x4def4e4*=0x0) returned 0x80004002
[0207.949] WbemDefPath:IClassFactory:CreateInstance (in: This=0x70b440, pUnkOuter=0x0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def4f0 | out: ppvObject=0x4def4f0*=0x70efa0) returned 0x0
[0207.949] WbemDefPath:IUnknown:Release (This=0x70b440) returned 0x0
[0207.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4def114 | out: ppvObject=0x4def114*=0x70efa0) returned 0x0
[0207.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4def0d0 | out: ppvObject=0x4def0d0*=0x0) returned 0x80004002
[0207.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4deecc4 | out: ppvObject=0x4deecc4*=0x0) returned 0x80004002
[0207.950] WbemDefPath:IUnknown:AddRef (This=0x70efa0) returned 0x3
[0207.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4deea24 | out: ppvObject=0x4deea24*=0x0) returned 0x80004002
[0207.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4dee9d4 | out: ppvObject=0x4dee9d4*=0x0) returned 0x80004002
[0207.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4dee9e0 | out: ppvObject=0x4dee9e0*=0x70ae88) returned 0x0
[0207.950] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x70ae88, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4dee9e8 | out: pCid=0x4dee9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0207.950] WbemDefPath:IUnknown:Release (This=0x70ae88) returned 0x3
[0207.950] CoGetContextToken (in: pToken=0x4deea40 | out: pToken=0x4deea40) returned 0x0
[0207.950] CoGetContextToken (in: pToken=0x4deee48 | out: pToken=0x4deee48) returned 0x0
[0207.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x70efa0, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4deeed4 | out: ppvObject=0x4deeed4*=0x0) returned 0x80004002
[0207.950] WbemDefPath:IUnknown:Release (This=0x70efa0) returned 0x2
[0207.950] WbemDefPath:IUnknown:Release (This=0x70efa0) returned 0x1
[0207.950] SetEvent (hEvent=0x448) returned 1
Thread:
id = 140
os_tid = 0x430
[0204.837] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.837] RoInitialize () returned 0x1
[0204.837] RoUninitialize () returned 0x0
[0204.837] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x4f2f7f4 | out: lpiid=0x4f2f7f4) returned 0x0
[0204.838] CoGetClassObject (in: rclsid=0x6f649c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f234d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4f2f500 | out: ppv=0x4f2f500*=0x70ac90) returned 0x0
[0204.838] WbemLocator:IUnknown:QueryInterface (in: This=0x70ac90, riid=0x6f2179fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4f2f71c | out: ppvObject=0x4f2f71c*=0x0) returned 0x80004002
[0204.839] WbemLocator:IClassFactory:CreateInstance (in: This=0x70ac90, pUnkOuter=0x0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f728 | out: ppvObject=0x4f2f728*=0x70b4a0) returned 0x0
[0204.839] WbemLocator:IUnknown:Release (This=0x70ac90) returned 0x0
[0204.839] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f34c | out: ppvObject=0x4f2f34c*=0x70b4a0) returned 0x0
[0204.839] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4f2f308 | out: ppvObject=0x4f2f308*=0x0) returned 0x80004002
[0204.839] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4f2eefc | out: ppvObject=0x4f2eefc*=0x0) returned 0x80004002
[0204.839] WbemLocator:IUnknown:AddRef (This=0x70b4a0) returned 0x3
[0204.839] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4f2ec5c | out: ppvObject=0x4f2ec5c*=0x0) returned 0x80004002
[0204.839] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4f2ec0c | out: ppvObject=0x4f2ec0c*=0x0) returned 0x80004002
[0204.839] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2ec18 | out: ppvObject=0x4f2ec18*=0x0) returned 0x80004002
[0204.839] CoGetContextToken (in: pToken=0x4f2ec78 | out: pToken=0x4f2ec78) returned 0x0
[0204.839] CoGetObjectContext (in: riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x70ac94 | out: ppv=0x70ac94*=0x6b0138) returned 0x0
[0204.842] CoGetContextToken (in: pToken=0x4f2f080 | out: pToken=0x4f2f080) returned 0x0
[0204.842] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f10c | out: ppvObject=0x4f2f10c*=0x0) returned 0x80004002
[0204.842] WbemLocator:IUnknown:Release (This=0x70b4a0) returned 0x2
[0204.842] WbemLocator:IUnknown:Release (This=0x70b4a0) returned 0x1
[0204.843] CoGetContextToken (in: pToken=0x4f2f708 | out: pToken=0x4f2f708) returned 0x0
[0204.843] CoGetContextToken (in: pToken=0x4f2f668 | out: pToken=0x4f2f668) returned 0x0
[0204.843] WbemLocator:IUnknown:QueryInterface (in: This=0x70b4a0, riid=0x4f2f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x4f2f734 | out: ppvObject=0x4f2f734*=0x70b4a0) returned 0x0
[0204.843] WbemLocator:IUnknown:AddRef (This=0x70b4a0) returned 0x3
[0204.843] WbemLocator:IUnknown:Release (This=0x70b4a0) returned 0x2
[0204.847] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x70a8d8, puCount=0x4f2f8cc | out: puCount=0x4f2f8cc*=0x2) returned 0x0
[0204.847] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=8, puBuffLength=0x4f2f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x4f2f8c8*=0xf, pszText=0x0) returned 0x0
[0204.847] WbemDefPath:IWbemPath:GetText (in: This=0x70a8d8, lFlags=8, puBuffLength=0x4f2f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x4f2f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0204.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x4f2eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0204.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x4f2f048, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63
[0204.855] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x69800000
[0205.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x4f2f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity \x8dihÍ\x9d\x93(ú\x0boHóò\x04\x01", lpUsedDefaultChar=0x0) returned 13
[0205.028] GetProcAddress (hModule=0x69800000, lpProcName="ResetSecurity") returned 0x69802cc0
[0205.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x4f2f07c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11
[0205.036] GetProcAddress (hModule=0x69800000, lpProcName="SetSecurity") returned 0x69802d10
[0205.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x4f2f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 18
[0205.044] GetProcAddress (hModule=0x69800000, lpProcName="BlessIWbemServices") returned 0x69802090
[0205.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x4f2f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 24
[0205.068] GetProcAddress (hModule=0x69800000, lpProcName="BlessIWbemServicesObject") returned 0x698020f0
[0205.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x4f2f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 17
[0205.140] GetProcAddress (hModule=0x69800000, lpProcName="GetPropertyHandle") returned 0x698027a0
[0205.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x4f2f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 18
[0205.193] GetProcAddress (hModule=0x69800000, lpProcName="WritePropertyValue") returned 0x69802e50
[0205.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x4f2f084, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 5
[0205.204] GetProcAddress (hModule=0x69800000, lpProcName="Clone") returned 0x69802150
[0205.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x4f2f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15
[0205.213] GetProcAddress (hModule=0x69800000, lpProcName="VerifyClientKey") returned 0x69802e00
[0205.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x4f2f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15
[0205.218] GetProcAddress (hModule=0x69800000, lpProcName="GetQualifierSet") returned 0x69802860
[0205.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x4f2f084, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3
[0205.220] GetProcAddress (hModule=0x69800000, lpProcName="Get") returned 0x69802630
[0205.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x4f2f084, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3
[0205.309] GetProcAddress (hModule=0x69800000, lpProcName="Put") returned 0x69802970
[0205.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x4f2f084, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 6
[0205.638] GetProcAddress (hModule=0x69800000, lpProcName="Delete") returned 0x69802410
[0205.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x4f2f080, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 8
[0205.685] GetProcAddress (hModule=0x69800000, lpProcName="GetNames") returned 0x69802740
[0205.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x4f2f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 16
[0205.808] GetProcAddress (hModule=0x69800000, lpProcName="BeginEnumeration") returned 0x69802050
[0205.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x4f2f084, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 4
[0205.828] GetProcAddress (hModule=0x69800000, lpProcName="Next") returned 0x69802910
[0205.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x4f2f07c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 14
[0205.898] GetProcAddress (hModule=0x69800000, lpProcName="EndEnumeration") returned 0x698024d0
[0205.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x4f2f070, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23
[0205.908] GetProcAddress (hModule=0x69800000, lpProcName="GetPropertyQualifierSet") returned 0x69802830
[0205.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x4f2f084, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 5
[0205.922] GetProcAddress (hModule=0x69800000, lpProcName="Clone") returned 0x69802150
[0205.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x4f2f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 13
[0205.922] GetProcAddress (hModule=0x69800000, lpProcName="GetObjectText") returned 0x69802770
[0205.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x4f2f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 17
[0205.937] GetProcAddress (hModule=0x69800000, lpProcName="SpawnDerivedClass") returned 0x69802d60
[0206.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x4f2f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 13
[0206.000] GetProcAddress (hModule=0x69800000, lpProcName="SpawnInstance") returned 0x69802d90
[0206.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x4f2f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 9
[0206.004] GetProcAddress (hModule=0x69800000, lpProcName="CompareTo") returned 0x69802200
[0206.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x4f2f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 17
[0206.014] GetProcAddress (hModule=0x69800000, lpProcName="GetPropertyOrigin") returned 0x69802800
[0206.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x4f2f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 12
[0206.031] GetProcAddress (hModule=0x69800000, lpProcName="InheritsFrom") returned 0x69802880
[0206.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x4f2f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 9
[0206.084] GetProcAddress (hModule=0x69800000, lpProcName="GetMethod") returned 0x698026b0
[0206.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x4f2f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 9
[0206.102] GetProcAddress (hModule=0x69800000, lpProcName="PutMethod") returned 0x69802ae0
[0206.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x4f2f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 12
[0206.118] GetProcAddress (hModule=0x69800000, lpProcName="DeleteMethod") returned 0x69802430
[0206.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x4f2f074, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 22
[0206.120] GetProcAddress (hModule=0x69800000, lpProcName="BeginMethodEnumeration") returned 0x69802070
[0206.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x4f2f080, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 10
[0206.122] GetProcAddress (hModule=0x69800000, lpProcName="NextMethod") returned 0x69802940
[0206.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x4f2f074, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 20
[0206.190] GetProcAddress (hModule=0x69800000, lpProcName="EndMethodEnumeration") returned 0x698024f0
[0206.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x4f2f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 21
[0206.194] GetProcAddress (hModule=0x69800000, lpProcName="GetMethodQualifierSet") returned 0x69802710
[0206.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x4f2f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15
[0206.195] GetProcAddress (hModule=0x69800000, lpProcName="GetMethodOrigin") returned 0x698026e0
[0206.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x4f2f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 16
[0206.197] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_Get") returned 0x69802b70
[0206.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x4f2f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 16
[0206.218] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_Put") returned 0x69802c00
[0206.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x4f2f074, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19
[0206.313] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_Delete") returned 0x69802b30
[0206.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x4f2f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 21
[0206.314] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_GetNames") returned 0x69802ba0
[0206.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x4f2f06c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 29
[0206.381] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_BeginEnumeration") returned 0x69802b10
[0206.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x4f2f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 17
[0206.383] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_Next") returned 0x69802bd0
[0206.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x4f2f06c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27
[0206.400] GetProcAddress (hModule=0x69800000, lpProcName="QualifierSet_EndEnumeration") returned 0x69802b50
[0206.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x4f2f070, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23
[0206.402] GetProcAddress (hModule=0x69800000, lpProcName="GetCurrentApartmentType") returned 0x69802860
[0206.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x4f2f074, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 20
[0206.415] GetProcAddress (hModule=0x69800000, lpProcName="GetDemultiplexedStub") returned 0x69802660
[0206.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x4f2f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 21
[0206.477] GetProcAddress (hModule=0x69800000, lpProcName="CreateInstanceEnumWmi") returned 0x69802380
[0206.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x4f2f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 18
[0206.597] GetProcAddress (hModule=0x69800000, lpProcName="CreateClassEnumWmi") returned 0x698022f0
[0206.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x4f2f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 12
[0206.602] GetProcAddress (hModule=0x69800000, lpProcName="ExecQueryWmi") returned 0x698025a0
[0206.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x4f2f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 24
[0206.717] GetProcAddress (hModule=0x69800000, lpProcName="ExecNotificationQueryWmi") returned 0x69802510
[0206.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x4f2f07c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi\x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 14
[0206.773] GetProcAddress (hModule=0x69800000, lpProcName="PutInstanceWmi") returned 0x69802a40
[0206.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x4f2f07c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11
[0206.810] GetProcAddress (hModule=0x69800000, lpProcName="PutClassWmi") returned 0x698029a0
[0206.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x4f2f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 24
[0206.811] GetProcAddress (hModule=0x69800000, lpProcName="CloneEnumWbemClassObject") returned 0x69802170
[0206.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x4f2f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi´ \x8dihÍ\x9d\x93(ú\x0boHóò\x04", lpUsedDefaultChar=0x0) returned 16
[0206.897] GetProcAddress (hModule=0x69800000, lpProcName="ConnectServerWmi") returned 0x69802230
[0207.001] CoCreateInstance (in: rclsid=0x698013b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69801414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x4f2f7a4 | out: ppv=0x4f2f7a4*=0x70b430) returned 0x0
[0207.054] WbemLocator:IWbemLocator:ConnectServer (in: This=0x70b430, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x4f2f838 | out: ppNamespace=0x4f2f838*=0x6ee200) returned 0x0
[0207.311] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee200, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f6cc | out: ppvObject=0x4f2f6cc*=0x6d931c) returned 0x0
[0207.311] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6d931c, pProxy=0x6ee200, pAuthnSvc=0x4f2f71c, pAuthzSvc=0x4f2f718, pServerPrincName=0x4f2f710, pAuthnLevel=0x4f2f714, pImpLevel=0x4f2f704, pAuthInfo=0x4f2f708, pCapabilites=0x4f2f70c | out: pAuthnSvc=0x4f2f71c*=0xa, pAuthzSvc=0x4f2f718*=0x0, pServerPrincName=0x4f2f710, pAuthnLevel=0x4f2f714*=0x6, pImpLevel=0x4f2f704*=0x2, pAuthInfo=0x4f2f708, pCapabilites=0x4f2f70c*=0x1) returned 0x0
[0207.311] WbemLocator:IUnknown:Release (This=0x6d931c) returned 0x1
[0207.311] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee200, riid=0x69801224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f6c0 | out: ppvObject=0x4f2f6c0*=0x6d9340) returned 0x0
[0207.311] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee200, riid=0x69801234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f6ac | out: ppvObject=0x4f2f6ac*=0x6d931c) returned 0x0
[0207.311] WbemLocator:IClientSecurity:SetBlanket (This=0x6d931c, pProxy=0x6ee200, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0207.312] WbemLocator:IUnknown:Release (This=0x6d931c) returned 0x2
[0207.312] WbemLocator:IUnknown:Release (This=0x6d9340) returned 0x1
[0207.312] CoTaskMemFree (pv=0x710b28)
[0207.312] WbemLocator:IUnknown:Release (This=0x70b430) returned 0x0
[0207.312] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee200, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f2bc | out: ppvObject=0x4f2f2bc*=0x6d9340) returned 0x0
[0207.312] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x6f259c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4f2f278 | out: ppvObject=0x4f2f278*=0x0) returned 0x80004002
[0207.347] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x6f259bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4f2f094 | out: ppvObject=0x4f2f094*=0x0) returned 0x80004002
[0207.393] WbemLocator:IUnknown:QueryInterface (in: This=0x6ee200, riid=0x6f259c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4f2ee6c | out: ppvObject=0x4f2ee6c*=0x0) returned 0x80004002
[0207.440] WbemLocator:IUnknown:AddRef (This=0x6d9340) returned 0x3
[0207.441] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x6f2598cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4f2ebcc | out: ppvObject=0x4f2ebcc*=0x0) returned 0x80004002
[0207.441] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x6f259820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4f2eb7c | out: ppvObject=0x4f2eb7c*=0x0) returned 0x80004002
[0207.441] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x6f0fa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2eb88 | out: ppvObject=0x4f2eb88*=0x6d929c) returned 0x0
[0207.441] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6d929c, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4f2eb90 | out: pCid=0x4f2eb90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0207.441] WbemLocator:IUnknown:Release (This=0x6d929c) returned 0x3
[0207.441] CoGetContextToken (in: pToken=0x4f2ebe8 | out: pToken=0x4f2ebe8) returned 0x0
[0207.442] CoGetContextToken (in: pToken=0x4f2eff0 | out: pToken=0x4f2eff0) returned 0x0
[0207.442] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x6f259b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f2f07c | out: ppvObject=0x4f2f07c*=0x6d9324) returned 0x0
[0207.442] WbemLocator:IRpcOptions:Query (in: This=0x6d9324, pPrx=0x6d9340, dwProperty=2, pdwValue=0x4f2f088 | out: pdwValue=0x4f2f088) returned 0x80004002
[0207.442] WbemLocator:IUnknown:Release (This=0x6d9324) returned 0x3
[0207.442] WbemLocator:IUnknown:Release (This=0x6d9340) returned 0x2
[0207.442] CoGetContextToken (in: pToken=0x4f2f5d0 | out: pToken=0x4f2f5d0) returned 0x0
[0207.442] CoGetContextToken (in: pToken=0x4f2f530 | out: pToken=0x4f2f530) returned 0x0
[0207.442] WbemLocator:IUnknown:QueryInterface (in: This=0x6d9340, riid=0x4f2f600*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x4f2f5fc | out: ppvObject=0x4f2f5fc*=0x6ee200) returned 0x0
[0207.442] WbemLocator:IUnknown:AddRef (This=0x6ee200) returned 0x4
[0207.442] WbemLocator:IUnknown:Release (This=0x6ee200) returned 0x3
[0207.442] WbemLocator:IUnknown:Release (This=0x6ee200) returned 0x2
[0207.448] SysStringLen (param_1=0x0) returned 0x0
[0207.449] CoUninitialize ()
Thread:
id = 141
os_tid = 0x8d0
[0207.637] CoGetContextToken (in: pToken=0x4f2f26c | out: pToken=0x4f2f26c) returned 0x0
[0207.637] CoGetContextToken (in: pToken=0x4f2f25c | out: pToken=0x4f2f25c) returned 0x0
[0207.638] CoGetMarshalSizeMax (in: pulSize=0x4f2f218, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6d9340, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f2f218) returned 0x0
[0207.639] CoMarshalInterface (pStm=0x6e9f18, riid=0x6f0ede2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6d9340, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
Process:
id = "8"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x625ef000"
os_pid = "0x1114"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x274"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004d2ca" [0xc000000f]
Region:
id = 1432
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1433
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1434
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1435
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1436
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1437
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1438
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1439
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1440
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1441
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1442
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1443
start_va = 0x1f0000
end_va = 0x1f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1444
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1445
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1446
start_va = 0x490000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1447
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 1448
start_va = 0x520000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 1449
start_va = 0x620000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 1450
start_va = 0x6e0000
end_va = 0x6e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 1451
start_va = 0x700000
end_va = 0x702fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "security.dll"
filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")
Region:
id = 1452
start_va = 0x710000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 1453
start_va = 0x720000
end_va = 0xa56fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1454
start_va = 0xa60000
end_va = 0xbe7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 1455
start_va = 0xbf0000
end_va = 0xd70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000bf0000"
filename = ""
Region:
id = 1456
start_va = 0xd80000
end_va = 0xe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d80000"
filename = ""
Region:
id = 1457
start_va = 0xe80000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 1458
start_va = 0xf00000
end_va = 0xf7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 1459
start_va = 0xf80000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 1460
start_va = 0x1000000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1461
start_va = 0x1080000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001080000"
filename = ""
Region:
id = 1462
start_va = 0x1100000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 1463
start_va = 0x1180000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 1464
start_va = 0x1210000
end_va = 0x130ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 1465
start_va = 0x1320000
end_va = 0x1322fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cimwin32.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui")
Region:
id = 1466
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1467
start_va = 0x180000000
end_va = 0x180002fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmi.dll"
filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll")
Region:
id = 1468
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1469
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1470
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1471
start_va = 0x7ff7aedf0000
end_va = 0x7ff7aee6ffff
monitored = 0
entry_point = 0x7ff7aee05f50
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1472
start_va = 0x7ff9fbf60000
end_va = 0x7ff9fc12efff
monitored = 1
entry_point = 0x7ff9fbf87df0
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 1473
start_va = 0x7ff9fc3d0000
end_va = 0x7ff9fc3ddfff
monitored = 0
entry_point = 0x7ff9fc3d1da0
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 1474
start_va = 0x7ff9fe370000
end_va = 0x7ff9fe383fff
monitored = 0
entry_point = 0x7ff9fe371310
region_type = mapped_file
name = "browcli.dll"
filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")
Region:
id = 1475
start_va = 0x7ff9fe490000
end_va = 0x7ff9fe49afff
monitored = 0
entry_point = 0x7ff9fe4912b0
region_type = mapped_file
name = "schedcli.dll"
filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll")
Region:
id = 1476
start_va = 0x7ffa06830000
end_va = 0x7ffa06855fff
monitored = 0
entry_point = 0x7ffa06831cf0
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1477
start_va = 0x7ffa07ad0000
end_va = 0x7ffa07ae5fff
monitored = 0
entry_point = 0x7ffa07ad55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1478
start_va = 0x7ffa07c90000
end_va = 0x7ffa07cb4fff
monitored = 0
entry_point = 0x7ffa07c99900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1479
start_va = 0x7ffa07cc0000
end_va = 0x7ffa07cd3fff
monitored = 0
entry_point = 0x7ffa07cc1800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1480
start_va = 0x7ffa07ce0000
end_va = 0x7ffa07dd5fff
monitored = 0
entry_point = 0x7ffa07d19590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1481
start_va = 0x7ffa08390000
end_va = 0x7ffa083a0fff
monitored = 0
entry_point = 0x7ffa08392fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1482
start_va = 0x7ffa08a00000
end_va = 0x7ffa08a0bfff
monitored = 0
entry_point = 0x7ffa08a035c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1483
start_va = 0x7ffa09490000
end_va = 0x7ffa0950efff
monitored = 1
entry_point = 0x7ffa094a7110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1484
start_va = 0x7ffa0afc0000
end_va = 0x7ffa0afd1fff
monitored = 0
entry_point = 0x7ffa0afc3580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1485
start_va = 0x7ffa0c160000
end_va = 0x7ffa0c1adfff
monitored = 0
entry_point = 0x7ffa0c171ce0
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 1486
start_va = 0x7ffa0c300000
end_va = 0x7ffa0c318fff
monitored = 0
entry_point = 0x7ffa0c304520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1487
start_va = 0x7ffa0e880000
end_va = 0x7ffa0e895fff
monitored = 0
entry_point = 0x7ffa0e881b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1488
start_va = 0x7ffa0f030000
end_va = 0x7ffa0f06dfff
monitored = 0
entry_point = 0x7ffa0f03a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1489
start_va = 0x7ffa0f3e0000
end_va = 0x7ffa0f3f0fff
monitored = 0
entry_point = 0x7ffa0f3e3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1490
start_va = 0x7ffa0ff20000
end_va = 0x7ffa0ff29fff
monitored = 0
entry_point = 0x7ffa0ff21660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1491
start_va = 0x7ffa11410000
end_va = 0x7ffa11422fff
monitored = 0
entry_point = 0x7ffa11412760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1492
start_va = 0x7ffa117d0000
end_va = 0x7ffa117f6fff
monitored = 0
entry_point = 0x7ffa117d7940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1493
start_va = 0x7ffa121a0000
end_va = 0x7ffa121abfff
monitored = 0
entry_point = 0x7ffa121a27e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1494
start_va = 0x7ffa122e0000
end_va = 0x7ffa12359fff
monitored = 0
entry_point = 0x7ffa12301a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1495
start_va = 0x7ffa12a10000
end_va = 0x7ffa12a3cfff
monitored = 0
entry_point = 0x7ffa12a29d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1496
start_va = 0x7ffa12ba0000
end_va = 0x7ffa12bf5fff
monitored = 0
entry_point = 0x7ffa12bb0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1497
start_va = 0x7ffa12c20000
end_va = 0x7ffa12c48fff
monitored = 0
entry_point = 0x7ffa12c34530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1498
start_va = 0x7ffa12db0000
end_va = 0x7ffa12dbffff
monitored = 0
entry_point = 0x7ffa12db56e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1499
start_va = 0x7ffa12dc0000
end_va = 0x7ffa12e0afff
monitored = 0
entry_point = 0x7ffa12dc35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1500
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1501
start_va = 0x7ffa12f40000
end_va = 0x7ffa13106fff
monitored = 0
entry_point = 0x7ffa12f9db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1502
start_va = 0x7ffa13110000
end_va = 0x7ffa13126fff
monitored = 0
entry_point = 0x7ffa13111390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1503
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1504
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1505
start_va = 0x7ffa13390000
end_va = 0x7ffa133d2fff
monitored = 0
entry_point = 0x7ffa133a4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1506
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1507
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1508
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1509
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1510
start_va = 0x7ffa14220000
end_va = 0x7ffa142c6fff
monitored = 0
entry_point = 0x7ffa1422b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1511
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1512
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1513
start_va = 0x7ffa146e0000
end_va = 0x7ffa1474afff
monitored = 0
entry_point = 0x7ffa146f90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1514
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1515
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1516
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1517
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1568
start_va = 0x400000
end_va = 0x401fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 1569
start_va = 0x1330000
end_va = 0x142ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 1570
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1571
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1572
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1573
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1574
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1575
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1576
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1577
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1578
start_va = 0x410000
end_va = 0x429fff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1579
start_va = 0x430000
end_va = 0x435fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1643
start_va = 0x410000
end_va = 0x429fff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1644
start_va = 0x430000
end_va = 0x435fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1645
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.dll.mui"
filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui")
Region:
id = 1646
start_va = 0x1430000
end_va = 0x14ebfff
monitored = 0
entry_point = 0x146c480
region_type = mapped_file
name = "lsm.dll"
filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll")
Region:
id = 1647
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.dll.mui"
filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui")
Region:
id = 1648
start_va = 0x1430000
end_va = 0x14ebfff
monitored = 0
entry_point = 0x146c480
region_type = mapped_file
name = "lsm.dll"
filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll")
Region:
id = 1649
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1650
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1652
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1653
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1654
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1655
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1656
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1657
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1658
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1659
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1660
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1661
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1662
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1663
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1664
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1665
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1666
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1667
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1669
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1670
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1671
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1672
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1673
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1674
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1675
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1676
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1677
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1678
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1679
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1680
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1681
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1682
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1683
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1684
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1685
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1686
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1687
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1688
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1689
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1690
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1691
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1692
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1693
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1694
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1695
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1696
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1697
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1698
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1699
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1700
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1701
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1702
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1703
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1704
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1705
start_va = 0x410000
end_va = 0x476fff
monitored = 0
entry_point = 0x4163e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1706
start_va = 0x1430000
end_va = 0x144cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fwpuclnt.dll.mui"
filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui")
Region:
id = 1707
start_va = 0x410000
end_va = 0x469fff
monitored = 0
entry_point = 0x455b00
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1708
start_va = 0x470000
end_va = 0x473fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1709
start_va = 0x410000
end_va = 0x469fff
monitored = 0
entry_point = 0x455b00
region_type = mapped_file
name = "pnrpsvc.dll"
filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll")
Region:
id = 1710
start_va = 0x470000
end_va = 0x473fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pnrpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui")
Region:
id = 1711
start_va = 0x410000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1712
start_va = 0x1430000
end_va = 0x1511fff
monitored = 0
entry_point = 0x148d100
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1713
start_va = 0x410000
end_va = 0x410fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "azroles.dll.mui"
filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui")
Region:
id = 1714
start_va = 0x1430000
end_va = 0x1511fff
monitored = 0
entry_point = 0x148d100
region_type = mapped_file
name = "azroles.dll"
filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll")
Region:
id = 1715
start_va = 0x410000
end_va = 0x438fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1716
start_va = 0x1430000
end_va = 0x1513fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1718
start_va = 0x410000
end_va = 0x438fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1719
start_va = 0x1430000
end_va = 0x1513fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1720
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "afd.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui")
Region:
id = 1721
start_va = 0x1430000
end_va = 0x14c2fff
monitored = 0
entry_point = 0x14a9000
region_type = mapped_file
name = "afd.sys"
filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys")
Region:
id = 1722
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "afd.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui")
Region:
id = 1723
start_va = 0x1430000
end_va = 0x14c2fff
monitored = 0
entry_point = 0x14a9000
region_type = mapped_file
name = "afd.sys"
filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys")
Region:
id = 1724
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fvevol.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui")
Region:
id = 1725
start_va = 0x1430000
end_va = 0x14d0fff
monitored = 0
entry_point = 0x14c3000
region_type = mapped_file
name = "fvevol.sys"
filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys")
Region:
id = 1726
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fvevol.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui")
Region:
id = 1727
start_va = 0x1430000
end_va = 0x14d0fff
monitored = 0
entry_point = 0x14c3000
region_type = mapped_file
name = "fvevol.sys"
filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys")
Region:
id = 1728
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1729
start_va = 0x1430000
end_va = 0x14b5fff
monitored = 0
entry_point = 0x14a1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1730
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1731
start_va = 0x1430000
end_va = 0x14b5fff
monitored = 0
entry_point = 0x14a1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1732
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1733
start_va = 0x1430000
end_va = 0x14b5fff
monitored = 0
entry_point = 0x14a1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1734
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1735
start_va = 0x1430000
end_va = 0x14b5fff
monitored = 0
entry_point = 0x14a1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1736
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1737
start_va = 0x1430000
end_va = 0x14e7fff
monitored = 0
entry_point = 0x1431d30
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1738
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1739
start_va = 0x1430000
end_va = 0x14e7fff
monitored = 0
entry_point = 0x1431d30
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1740
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1741
start_va = 0x1430000
end_va = 0x14e7fff
monitored = 0
entry_point = 0x1431d30
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1742
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cscsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui")
Region:
id = 1743
start_va = 0x1430000
end_va = 0x14e7fff
monitored = 0
entry_point = 0x1431d30
region_type = mapped_file
name = "cscsvc.dll"
filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")
Region:
id = 1744
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1745
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1746
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1747
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1748
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1749
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1750
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1751
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1752
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1753
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1754
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1755
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1756
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1757
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1758
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1759
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1760
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1761
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1762
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1763
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1764
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1765
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1766
start_va = 0x410000
end_va = 0x41cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 1767
start_va = 0x1430000
end_va = 0x1522fff
monitored = 0
entry_point = 0x1455d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1768
start_va = 0x410000
end_va = 0x41efff
monitored = 0
entry_point = 0x4136e0
region_type = mapped_file
name = "dmvsc.sys"
filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys")
Region:
id = 1769
start_va = 0x420000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dmvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui")
Region:
id = 1770
start_va = 0x410000
end_va = 0x41efff
monitored = 0
entry_point = 0x4136e0
region_type = mapped_file
name = "dmvsc.sys"
filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys")
Region:
id = 1771
start_va = 0x420000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dmvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui")
Region:
id = 1772
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1773
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1774
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1775
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1776
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1777
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1778
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1779
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1780
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1781
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1782
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1783
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1784
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1785
start_va = 0x1430000
end_va = 0x153efff
monitored = 0
entry_point = 0x146c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1786
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1787
start_va = 0x1430000
end_va = 0x153efff
monitored = 0
entry_point = 0x146c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1788
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x413630
region_type = mapped_file
name = "umpoext.dll"
filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")
Region:
id = 1789
start_va = 0x430000
end_va = 0x431fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpoext.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui")
Region:
id = 1790
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x413630
region_type = mapped_file
name = "umpoext.dll"
filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")
Region:
id = 1791
start_va = 0x430000
end_va = 0x431fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpoext.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui")
Region:
id = 1792
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x413630
region_type = mapped_file
name = "umpoext.dll"
filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")
Region:
id = 1793
start_va = 0x430000
end_va = 0x431fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpoext.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui")
Region:
id = 1794
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x413630
region_type = mapped_file
name = "umpoext.dll"
filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")
Region:
id = 1795
start_va = 0x430000
end_va = 0x431fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "umpoext.dll.mui"
filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui")
Region:
id = 1796
start_va = 0x410000
end_va = 0x426fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcpip.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui")
Region:
id = 1797
start_va = 0x1430000
end_va = 0x1686fff
monitored = 0
entry_point = 0x163ce10
region_type = mapped_file
name = "tcpip.sys"
filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys")
Region:
id = 1798
start_va = 0x410000
end_va = 0x426fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcpip.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui")
Region:
id = 1799
start_va = 0x1430000
end_va = 0x1686fff
monitored = 0
entry_point = 0x163ce10
region_type = mapped_file
name = "tcpip.sys"
filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys")
Region:
id = 1800
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1801
start_va = 0x1430000
end_va = 0x1540fff
monitored = 0
entry_point = 0x1521bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1802
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1803
start_va = 0x1430000
end_va = 0x1540fff
monitored = 0
entry_point = 0x1521bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1804
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1805
start_va = 0x1430000
end_va = 0x1540fff
monitored = 0
entry_point = 0x1521bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1806
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1807
start_va = 0x1430000
end_va = 0x1540fff
monitored = 0
entry_point = 0x1521bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1808
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1809
start_va = 0x1430000
end_va = 0x1540fff
monitored = 0
entry_point = 0x1521bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1810
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1811
start_va = 0x1430000
end_va = 0x1540fff
monitored = 0
entry_point = 0x1521bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Thread:
id = 118
os_tid = 0x1170
Thread:
id = 119
os_tid = 0x116c
Thread:
id = 120
os_tid = 0x1164
[0202.837] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2
[0202.930] RtlRestoreLastWin32Error () returned 0x2d8000
[0202.930] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10fe010 | out: pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10fe010) returned 1
[0202.930] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x548800
[0202.930] RtlRestoreLastWin32Error () returned 0x2d8000
[0202.930] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x548800, pcchLanguagesBuffer=0x10fe010 | out: pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x548800, pcchLanguagesBuffer=0x10fe010) returned 1
[0202.930] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x548910
[0202.930] RtlFreeHeap (HeapHandle=0x520000, Flags=0x0, BaseAddress=0x548800) returned 1
[0202.930] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x59b9b0
[0202.930] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x59b9b0, pulNumLanguages=0x10fe118 | out: pulNumLanguages=0x10fe118) returned 1
[0202.930] RtlFreeHeap (HeapHandle=0x520000, Flags=0x0, BaseAddress=0x59b9b0) returned 1
[0203.116] LoadStringW (in: hInstance=0x7ff9fbf60000, uID=0x3e, lpBuffer=0x10fd6c0, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa
[0203.118] lstrlenW (lpString="Dell Inc.") returned 9
[0203.118] lstrlenW (lpString="0G3HR7") returned 6
[0203.119] lstrlenW (lpString="A00") returned 3
[0203.119] lstrlenW (lpString="..XXXXXXXXXXXXX.") returned 16
[0203.196] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x4) returned 0x5487a0
[0203.196] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x5487a0, pulNumLanguages=0x10fe1c0 | out: pulNumLanguages=0x10fe1c0) returned 1
[0203.197] RtlFreeHeap (HeapHandle=0x520000, Flags=0x0, BaseAddress=0x5487a0) returned 1
[0203.197] RtlFreeHeap (HeapHandle=0x520000, Flags=0x0, BaseAddress=0x548910) returned 1
[0208.063] RtlRestoreLastWin32Error () returned 0x2d8000
[0208.063] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10fe010 | out: pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10fe010) returned 1
[0208.063] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x548910
[0208.063] RtlRestoreLastWin32Error () returned 0x2d8000
[0208.063] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x548910, pcchLanguagesBuffer=0x10fe010 | out: pulNumLanguages=0x10fe118, pwszLanguagesBuffer=0x548910, pcchLanguagesBuffer=0x10fe010) returned 1
[0208.063] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5487a0
[0208.063] RtlFreeHeap (HeapHandle=0x520000, Flags=0x0, BaseAddress=0x548910) returned 1
[0208.063] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x59bb70
[0208.063] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x59bb70, pulNumLanguages=0x10fe118 | out: pulNumLanguages=0x10fe118) returned 1
[0208.063] RtlFreeHeap (HeapHandle=0x520000, Flags=0x0, BaseAddress=0x59bb70) returned 1
[0208.116] malloc (_Size=0x600) returned 0xda89c0
[0208.117] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x10fd7f8 | out: Buffer=0x0, ReturnedLength=0x10fd7f8) returned 0
[0208.117] GetLastError () returned 0x7a
[0208.117] malloc (_Size=0x250) returned 0xda5c50
[0208.117] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xda5c50, ReturnedLength=0x10fd7f8 | out: Buffer=0xda5c50, ReturnedLength=0x10fd7f8) returned 1
[0208.117] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4
[0208.117] GetMaximumProcessorGroupCount () returned 0x1
[0208.117] malloc (_Size=0x40) returned 0xda1f10
[0208.117] malloc (_Size=0x40) returned 0xda2000
[0208.117] malloc (_Size=0x8) returned 0xda5bd0
[0208.117] memcpy (in: _Dst=0xda1f10, _Src=0xda5c70, _Size=0x10 | out: _Dst=0xda1f10) returned 0xda1f10
[0208.167] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4
[0208.167] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x10fd7f0, InputBufferLength=0x2, OutputBuffer=0xda89c0, OutputBufferLength=0x60 | out: OutputBuffer=0xda89c0) returned 0x0
[0208.167] _vsnwprintf (in: _Buffer=0x10fd690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x10fcf88 | out: _Buffer="CPU0") returned 4
[0208.168] GetCurrentThread () returned 0xfffffffffffffffe
[0208.168] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x10fcee0, PreviousGroupAffinity=0x10fcef0 | out: PreviousGroupAffinity=0x10fcef0) returned 1
[0208.169] GetSystemInfo (in: lpSystemInfo=0x10fd020 | out: lpSystemInfo=0x10fd020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504))
[0208.169] mbstowcs (in: _Dest=0x10fd2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc
[0208.169] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0
[0208.171] mbstowcs (in: _Dest=0x10fd118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27
[0208.171] GetCurrentThread () returned 0xfffffffffffffffe
[0208.171] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x10fcef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1
[0208.177] LoadStringW (in: hInstance=0x7ff9fbf60000, uID=0x2c, lpBuffer=0x10fccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6
Thread:
id = 121
os_tid = 0x115c
Thread:
id = 122
os_tid = 0x1148
Thread:
id = 123
os_tid = 0x1144
Thread:
id = 124
os_tid = 0x1140
Thread:
id = 125
os_tid = 0x113c
Thread:
id = 126
os_tid = 0x1118
Process:
id = "9"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x6949a000"
os_pid = "0x41c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x274"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1580
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1581
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1582
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1583
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1584
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1585
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1586
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1587
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1588
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1589
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1590
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1591
start_va = 0x1f0000
end_va = 0x1f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1592
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1593
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1594
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 1595
start_va = 0x550000
end_va = 0x550fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1596
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 1597
start_va = 0x5b0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 1598
start_va = 0x6b0000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1599
start_va = 0x730000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 1600
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1601
start_va = 0x830000
end_va = 0xb66fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1602
start_va = 0xb70000
end_va = 0xcf7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b70000"
filename = ""
Region:
id = 1603
start_va = 0xd00000
end_va = 0xe80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d00000"
filename = ""
Region:
id = 1604
start_va = 0xe90000
end_va = 0xf8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e90000"
filename = ""
Region:
id = 1605
start_va = 0xf90000
end_va = 0x100ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 1606
start_va = 0x1010000
end_va = 0x108ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001010000"
filename = ""
Region:
id = 1607
start_va = 0x1090000
end_va = 0x110ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001090000"
filename = ""
Region:
id = 1608
start_va = 0x1110000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001110000"
filename = ""
Region:
id = 1609
start_va = 0x1190000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 1610
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1611
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1612
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1613
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1614
start_va = 0x7ff7aedf0000
end_va = 0x7ff7aee6ffff
monitored = 0
entry_point = 0x7ff7aee05f50
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1615
start_va = 0x7ff9fbee0000
end_va = 0x7ff9fbf2cfff
monitored = 0
entry_point = 0x7ff9fbeeb470
region_type = mapped_file
name = "pdh.dll"
filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")
Region:
id = 1616
start_va = 0x7ff9fbf30000
end_va = 0x7ff9fbf54fff
monitored = 1
entry_point = 0x7ff9fbf45dc0
region_type = mapped_file
name = "wmiperfclass.dll"
filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")
Region:
id = 1617
start_va = 0x7ffa00c80000
end_va = 0x7ffa00cbcfff
monitored = 1
entry_point = 0x7ffa00c8b760
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Region:
id = 1618
start_va = 0x7ffa07ad0000
end_va = 0x7ffa07ae5fff
monitored = 0
entry_point = 0x7ffa07ad55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1619
start_va = 0x7ffa07c90000
end_va = 0x7ffa07cb4fff
monitored = 0
entry_point = 0x7ffa07c99900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1620
start_va = 0x7ffa07cc0000
end_va = 0x7ffa07cd3fff
monitored = 0
entry_point = 0x7ffa07cc1800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1621
start_va = 0x7ffa07ce0000
end_va = 0x7ffa07dd5fff
monitored = 0
entry_point = 0x7ffa07d19590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1622
start_va = 0x7ffa08390000
end_va = 0x7ffa083a0fff
monitored = 0
entry_point = 0x7ffa08392fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1623
start_va = 0x7ffa09490000
end_va = 0x7ffa0950efff
monitored = 1
entry_point = 0x7ffa094a7110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1624
start_va = 0x7ffa0e8a0000
end_va = 0x7ffa0e903fff
monitored = 0
entry_point = 0x7ffa0e8b5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1625
start_va = 0x7ffa0f3e0000
end_va = 0x7ffa0f3f0fff
monitored = 0
entry_point = 0x7ffa0f3e3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1626
start_va = 0x7ffa12280000
end_va = 0x7ffa122b0fff
monitored = 0
entry_point = 0x7ffa12287d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1627
start_va = 0x7ffa12c20000
end_va = 0x7ffa12c48fff
monitored = 0
entry_point = 0x7ffa12c34530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1628
start_va = 0x7ffa12e10000
end_va = 0x7ffa12e1efff
monitored = 0
entry_point = 0x7ffa12e13210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1629
start_va = 0x7ffa13130000
end_va = 0x7ffa13317fff
monitored = 0
entry_point = 0x7ffa1315ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1630
start_va = 0x7ffa13320000
end_va = 0x7ffa13389fff
monitored = 0
entry_point = 0x7ffa13356d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1631
start_va = 0x7ffa13cc0000
end_va = 0x7ffa13d5cfff
monitored = 0
entry_point = 0x7ffa13cc78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1632
start_va = 0x7ffa13d80000
end_va = 0x7ffa13ed5fff
monitored = 0
entry_point = 0x7ffa13d8a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1633
start_va = 0x7ffa13ee0000
end_va = 0x7ffa14065fff
monitored = 0
entry_point = 0x7ffa13f2ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1634
start_va = 0x7ffa14070000
end_va = 0x7ffa140cafff
monitored = 0
entry_point = 0x7ffa140838b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1635
start_va = 0x7ffa14220000
end_va = 0x7ffa142c6fff
monitored = 0
entry_point = 0x7ffa1422b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1636
start_va = 0x7ffa14340000
end_va = 0x7ffa145bcfff
monitored = 0
entry_point = 0x7ffa14414970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1637
start_va = 0x7ffa145c0000
end_va = 0x7ffa146dbfff
monitored = 0
entry_point = 0x7ffa146002b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1638
start_va = 0x7ffa146e0000
end_va = 0x7ffa1474afff
monitored = 0
entry_point = 0x7ffa146f90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1639
start_va = 0x7ffa147c0000
end_va = 0x7ffa14880fff
monitored = 0
entry_point = 0x7ffa147e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1640
start_va = 0x7ffa15090000
end_va = 0x7ffa15136fff
monitored = 0
entry_point = 0x7ffa150a58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1641
start_va = 0x7ffa15160000
end_va = 0x7ffa1520cfff
monitored = 0
entry_point = 0x7ffa151781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1642
start_va = 0x7ffa16770000
end_va = 0x7ffa16930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Thread:
id = 127
os_tid = 0x5b8
Thread:
id = 128
os_tid = 0xae8
Thread:
id = 129
os_tid = 0x4ac
Thread:
id = 130
os_tid = 0x2f8
Thread:
id = 131
os_tid = 0x2a4
Thread:
id = 132
os_tid = 0x320
Thread:
id = 133
os_tid = 0x17c
Thread:
id = 134
os_tid = 0x5c4
Process:
id = "10"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75424000"
os_pid = "0x354"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "4"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b255" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1907
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1908
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1909
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1910
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1911
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1912
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1913
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1914
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1915
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1916
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1917
start_va = 0x7ff79a2e0000
end_va = 0x7ff79a2ecfff
monitored = 0
entry_point = 0x7ff79a2e3980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1918
start_va = 0x7ffab60b0000
end_va = 0x7ffab6270fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2036
start_va = 0x100000
end_va = 0x1f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 2037
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2038
start_va = 0x400000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2039
start_va = 0x7ffab4070000
end_va = 0x7ffab411cfff
monitored = 0
entry_point = 0x7ffab40881a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2040
start_va = 0x7ffab2db0000
end_va = 0x7ffab2f97fff
monitored = 0
entry_point = 0x7ffab2ddba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2041
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2042
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2043
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2044
start_va = 0x1f0000
end_va = 0x1f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2045
start_va = 0x7ffab3750000
end_va = 0x7ffab37aafff
monitored = 0
entry_point = 0x7ffab37638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2046
start_va = 0x7ffab4700000
end_va = 0x7ffab481bfff
monitored = 0
entry_point = 0x7ffab47402b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2047
start_va = 0x500000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 2048
start_va = 0x7ffab1870000
end_va = 0x7ffab1963fff
monitored = 0
entry_point = 0x7ffab187a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2049
start_va = 0x7ffab34d0000
end_va = 0x7ffab374cfff
monitored = 0
entry_point = 0x7ffab35a4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2050
start_va = 0x7ffab4ab0000
end_va = 0x7ffab4b4cfff
monitored = 0
entry_point = 0x7ffab4ab78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2051
start_va = 0x7ffab3250000
end_va = 0x7ffab32b9fff
monitored = 0
entry_point = 0x7ffab3286d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2052
start_va = 0x580000
end_va = 0x6b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2053
start_va = 0x6c0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 2054
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2055
start_va = 0x580000
end_va = 0x65cfff
monitored = 0
entry_point = 0x5de0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2056
start_va = 0x6b0000
end_va = 0x6b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 2057
start_va = 0x7ffab2720000
end_va = 0x7ffab272efff
monitored = 0
entry_point = 0x7ffab2723210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2058
start_va = 0x7ffab4280000
end_va = 0x7ffab43d5fff
monitored = 0
entry_point = 0x7ffab428a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2059
start_va = 0x7ffab3d30000
end_va = 0x7ffab3eb5fff
monitored = 0
entry_point = 0x7ffab3d7ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2060
start_va = 0x580000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000580000"
filename = ""
Region:
id = 2061
start_va = 0x800000
end_va = 0x987fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 2062
start_va = 0x990000
end_va = 0xb10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000990000"
filename = ""
Region:
id = 2063
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2064
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2065
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2066
start_va = 0xb20000
end_va = 0xba6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 2067
start_va = 0xbb0000
end_va = 0xdaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 2068
start_va = 0xc00000
end_va = 0xcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 2069
start_va = 0xd00000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d00000"
filename = ""
Region:
id = 2070
start_va = 0x7ffaad440000
end_va = 0x7ffaad58cfff
monitored = 0
entry_point = 0x7ffaad483da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2071
start_va = 0x7ffab1380000
end_va = 0x7ffab138bfff
monitored = 0
entry_point = 0x7ffab1382480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2072
start_va = 0x7ffaad420000
end_va = 0x7ffaad437fff
monitored = 0
entry_point = 0x7ffaad425910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2073
start_va = 0x7ffaad410000
end_va = 0x7ffaad419fff
monitored = 0
entry_point = 0x7ffaad411660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2074
start_va = 0x7ffab4930000
end_va = 0x7ffab49f0fff
monitored = 0
entry_point = 0x7ffab4950da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2075
start_va = 0xe00000
end_va = 0xf42fff
monitored = 0
entry_point = 0xe28210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2076
start_va = 0x640000
end_va = 0x676fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 2077
start_va = 0xe00000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 2078
start_va = 0xe00000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 2079
start_va = 0xf00000
end_va = 0x1236fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2080
start_va = 0x1240000
end_va = 0x133ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001240000"
filename = ""
Region:
id = 2081
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2082
start_va = 0x7ffab4a00000
end_va = 0x7ffab4aa6fff
monitored = 0
entry_point = 0x7ffab4a0b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2083
start_va = 0x640000
end_va = 0x640fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 2084
start_va = 0x670000
end_va = 0x676fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 2085
start_va = 0x7ffaaccb0000
end_va = 0x7ffaacd6efff
monitored = 0
entry_point = 0x7ffaaccd1c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 2086
start_va = 0x1340000
end_va = 0x143ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001340000"
filename = ""
Region:
id = 2087
start_va = 0x1440000
end_va = 0x153ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001440000"
filename = ""
Region:
id = 2088
start_va = 0x1540000
end_va = 0x163ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001540000"
filename = ""
Region:
id = 2089
start_va = 0x7ffaac9d0000
end_va = 0x7ffaacacbfff
monitored = 0
entry_point = 0x7ffaaca06df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2090
start_va = 0x7ffaac980000
end_va = 0x7ffaac9c0fff
monitored = 0
entry_point = 0x7ffaac997eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2091
start_va = 0x7ffab2540000
end_va = 0x7ffab2558fff
monitored = 0
entry_point = 0x7ffab2545e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 2092
start_va = 0x1640000
end_va = 0x17b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001640000"
filename = ""
Region:
id = 2093
start_va = 0x17c0000
end_va = 0x19bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017c0000"
filename = ""
Region:
id = 2094
start_va = 0x1800000
end_va = 0x18fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 2096
start_va = 0x7ffab19d0000
end_va = 0x7ffab1a18fff
monitored = 0
entry_point = 0x7ffab19da090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2097
start_va = 0x7ffab26d0000
end_va = 0x7ffab271afff
monitored = 0
entry_point = 0x7ffab26d35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2098
start_va = 0x7ffaac960000
end_va = 0x7ffaac970fff
monitored = 0
entry_point = 0x7ffaac963320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 2099
start_va = 0x7ffab23b0000
end_va = 0x7ffab23dcfff
monitored = 0
entry_point = 0x7ffab23c9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2100
start_va = 0x650000
end_va = 0x650fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 2101
start_va = 0x650000
end_va = 0x650fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 2102
start_va = 0x1640000
end_va = 0x173ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001640000"
filename = ""
Region:
id = 2103
start_va = 0x17b0000
end_va = 0x17b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017b0000"
filename = ""
Region:
id = 2104
start_va = 0x7ffab2560000
end_va = 0x7ffab2588fff
monitored = 0
entry_point = 0x7ffab2574530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2105
start_va = 0xb20000
end_va = 0xb9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 2106
start_va = 0xba0000
end_va = 0xba6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 2107
start_va = 0xd00000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d00000"
filename = ""
Region:
id = 2108
start_va = 0x7ffaac8f0000
end_va = 0x7ffaac95dfff
monitored = 0
entry_point = 0x7ffaac8f7f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2109
start_va = 0x7ffaac8d0000
end_va = 0x7ffaac8dafff
monitored = 0
entry_point = 0x7ffaac8d1770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 2110
start_va = 0x7ffaacdc0000
end_va = 0x7ffaace51fff
monitored = 0
entry_point = 0x7ffaace0a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2111
start_va = 0x7ffaac750000
end_va = 0x7ffaac8cbfff
monitored = 0
entry_point = 0x7ffaac7a1650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 2112
start_va = 0x7ffab4880000
end_va = 0x7ffab4926fff
monitored = 0
entry_point = 0x7ffab48958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2113
start_va = 0x7ffab3060000
end_va = 0x7ffab3226fff
monitored = 0
entry_point = 0x7ffab30bdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2114
start_va = 0x7ffab2750000
end_va = 0x7ffab275ffff
monitored = 0
entry_point = 0x7ffab27556e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2115
start_va = 0x7ffab44b0000
end_va = 0x7ffab451afff
monitored = 0
entry_point = 0x7ffab44c90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2116
start_va = 0x7ffab0f80000
end_va = 0x7ffab0fbffff
monitored = 0
entry_point = 0x7ffab0f91960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 2117
start_va = 0x7ffaac4c0000
end_va = 0x7ffaac587fff
monitored = 0
entry_point = 0x7ffaac5013f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2118
start_va = 0x7ffaad5c0000
end_va = 0x7ffaad5f5fff
monitored = 0
entry_point = 0x7ffaad5d0070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2119
start_va = 0x7ffaac450000
end_va = 0x7ffaac4b0fff
monitored = 0
entry_point = 0x7ffaac454b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 2120
start_va = 0x7ffab1c20000
end_va = 0x7ffab1c50fff
monitored = 0
entry_point = 0x7ffab1c27d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2121
start_va = 0x1900000
end_va = 0x19fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 2122
start_va = 0x1a00000
end_va = 0x1a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 2123
start_va = 0x1a80000
end_va = 0x1b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a80000"
filename = ""
Region:
id = 2124
start_va = 0x1b80000
end_va = 0x1bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b80000"
filename = ""
Region:
id = 2125
start_va = 0x1c00000
end_va = 0x1cdcfff
monitored = 0
entry_point = 0x1c5e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2126
start_va = 0x1c00000
end_va = 0x1cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c00000"
filename = ""
Region:
id = 2127
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 2128
start_va = 0x7ffaac370000
end_va = 0x7ffaac3c4fff
monitored = 0
entry_point = 0x7ffaac37fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2129
start_va = 0x7ffab2730000
end_va = 0x7ffab2743fff
monitored = 0
entry_point = 0x7ffab27352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2130
start_va = 0x7ffaac320000
end_va = 0x7ffaac361fff
monitored = 0
entry_point = 0x7ffaac3227d0
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 2131
start_va = 0x650000
end_va = 0x651fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 2132
start_va = 0x7ffaac280000
end_va = 0x7ffaac295fff
monitored = 0
entry_point = 0x7ffaac281b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2133
start_va = 0x7ffaac250000
end_va = 0x7ffaac276fff
monitored = 0
entry_point = 0x7ffaac253bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 2134
start_va = 0x7ffab43e0000
end_va = 0x7ffab443bfff
monitored = 0
entry_point = 0x7ffab43fb720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2135
start_va = 0x7ffab4b50000
end_va = 0x7ffab60aefff
monitored = 0
entry_point = 0x7ffab4cb11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2136
start_va = 0x7ffab1e90000
end_va = 0x7ffab1eaefff
monitored = 0
entry_point = 0x7ffab1e95d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2137
start_va = 0x7ffab1b40000
end_va = 0x7ffab1b4bfff
monitored = 0
entry_point = 0x7ffab1b427e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2138
start_va = 0x1e00000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 2139
start_va = 0x7ffab32c0000
end_va = 0x7ffab3302fff
monitored = 0
entry_point = 0x7ffab32d4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2140
start_va = 0x7ffab2760000
end_va = 0x7ffab2da3fff
monitored = 0
entry_point = 0x7ffab29264b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2141
start_va = 0x7ffab46a0000
end_va = 0x7ffab46f1fff
monitored = 0
entry_point = 0x7ffab46af530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2142
start_va = 0x7ffab2fa0000
end_va = 0x7ffab3054fff
monitored = 0
entry_point = 0x7ffab2fe22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2143
start_va = 0x1f00000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 2144
start_va = 0x7ffaac210000
end_va = 0x7ffaac24dfff
monitored = 0
entry_point = 0x7ffaac21a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2145
start_va = 0x7ffaac1e0000
end_va = 0x7ffaac20efff
monitored = 0
entry_point = 0x7ffaac1e8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 2146
start_va = 0x7ffaac1d0000
end_va = 0x7ffaac1dcfff
monitored = 0
entry_point = 0x7ffaac1d2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 2147
start_va = 0x2000000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 2148
start_va = 0x7ffaac8e0000
end_va = 0x7ffaac8effff
monitored = 0
entry_point = 0x7ffaac8e2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2149
start_va = 0x7ffaac1c0000
end_va = 0x7ffaac1cbfff
monitored = 0
entry_point = 0x7ffaac1c14d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2150
start_va = 0x7ffaac1a0000
end_va = 0x7ffaac1b2fff
monitored = 0
entry_point = 0x7ffaac1a57f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2151
start_va = 0x7ffab2000000
end_va = 0x7ffab205bfff
monitored = 0
entry_point = 0x7ffab2016f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2152
start_va = 0x660000
end_va = 0x660fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 2153
start_va = 0x7ffab1970000
end_va = 0x7ffab19c5fff
monitored = 0
entry_point = 0x7ffab1980bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2154
start_va = 0x2080000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 2155
start_va = 0x7ffab0dd0000
end_va = 0x7ffab0de2fff
monitored = 0
entry_point = 0x7ffab0dd2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2156
start_va = 0x7ffaac170000
end_va = 0x7ffaac19dfff
monitored = 0
entry_point = 0x7ffaac177550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2157
start_va = 0x7ffab2210000
end_va = 0x7ffab2230fff
monitored = 0
entry_point = 0x7ffab2220250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 2158
start_va = 0x7ffab0f40000
end_va = 0x7ffab0f47fff
monitored = 0
entry_point = 0x7ffab0f413e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 2159
start_va = 0x7ffaac130000
end_va = 0x7ffaac146fff
monitored = 0
entry_point = 0x7ffaac135630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2160
start_va = 0x680000
end_va = 0x680fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 2161
start_va = 0x7ffab16d0000
end_va = 0x7ffab16f3fff
monitored = 0
entry_point = 0x7ffab16d3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2162
start_va = 0x690000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 2163
start_va = 0x2180000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 2164
start_va = 0x7ffaabf70000
end_va = 0x7ffaac055fff
monitored = 0
entry_point = 0x7ffaabf8cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 2165
start_va = 0x7ffaae3a0000
end_va = 0x7ffaae4d5fff
monitored = 0
entry_point = 0x7ffaae3cf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2166
start_va = 0x2280000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 2167
start_va = 0x690000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 2168
start_va = 0x690000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 2169
start_va = 0x7ffaab690000
end_va = 0x7ffaab6d0fff
monitored = 0
entry_point = 0x7ffaab694840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2170
start_va = 0x7ffaab670000
end_va = 0x7ffaab68ffff
monitored = 0
entry_point = 0x7ffaab6739a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 2171
start_va = 0x7ffab1110000
end_va = 0x7ffab1136fff
monitored = 0
entry_point = 0x7ffab1117940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2172
start_va = 0x690000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 2173
start_va = 0x7ffaab630000
end_va = 0x7ffaab666fff
monitored = 0
entry_point = 0x7ffaab636020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 2174
start_va = 0x7ffaab5d0000
end_va = 0x7ffaab624fff
monitored = 0
entry_point = 0x7ffaab5d3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 2175
start_va = 0x2080000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 2176
start_va = 0x7ffaac3d0000
end_va = 0x7ffaac3dbfff
monitored = 0
entry_point = 0x7ffaac3d2830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 2177
start_va = 0x7ffaab5b0000
end_va = 0x7ffaab5c9fff
monitored = 0
entry_point = 0x7ffaab5b2cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 2178
start_va = 0x7ffab3be0000
end_va = 0x7ffab3d22fff
monitored = 0
entry_point = 0x7ffab3c08210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2179
start_va = 0x7ffaab590000
end_va = 0x7ffaab5a0fff
monitored = 0
entry_point = 0x7ffaab597ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 2180
start_va = 0x7ffaab560000
end_va = 0x7ffaab584fff
monitored = 0
entry_point = 0x7ffaab572f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 2181
start_va = 0x2380000
end_va = 0x257ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 2182
start_va = 0x2400000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 2183
start_va = 0x7ffaab520000
end_va = 0x7ffaab558fff
monitored = 0
entry_point = 0x7ffaab529c90
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 2184
start_va = 0x7ffaab500000
end_va = 0x7ffaab510fff
monitored = 0
entry_point = 0x7ffaab503e10
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 2185
start_va = 0x7ffaae010000
end_va = 0x7ffaae391fff
monitored = 0
entry_point = 0x7ffaae061220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2186
start_va = 0x7ffaab440000
end_va = 0x7ffaab4f0fff
monitored = 0
entry_point = 0x7ffaab4b88b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 2187
start_va = 0x7ffaab540000
end_va = 0x7ffaab551fff
monitored = 0
entry_point = 0x7ffaab549260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 2188
start_va = 0x7ffaab390000
end_va = 0x7ffaab43dfff
monitored = 0
entry_point = 0x7ffaab3a80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 2204
start_va = 0x1640000
end_va = 0x16bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001640000"
filename = ""
Region:
id = 2205
start_va = 0x7ffaac3e0000
end_va = 0x7ffaac443fff
monitored = 0
entry_point = 0x7ffaac3f5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2206
start_va = 0x7ffab0d70000
end_va = 0x7ffab0d8bfff
monitored = 0
entry_point = 0x7ffab0d737a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2207
start_va = 0x6a0000
end_va = 0x6acfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 2208
start_va = 0x16c0000
end_va = 0x173ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016c0000"
filename = ""
Region:
id = 2213
start_va = 0x7ffab21d0000
end_va = 0x7ffab21dafff
monitored = 0
entry_point = 0x7ffab21d19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2214
start_va = 0x2500000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 2215
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 2216
start_va = 0x2700000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 2229
start_va = 0x7ffab0be0000
end_va = 0x7ffab0d65fff
monitored = 0
entry_point = 0x7ffab0c2d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2230
start_va = 0x6c0000
end_va = 0x6c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2231
start_va = 0xbb0000
end_va = 0xbf4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 2232
start_va = 0x6d0000
end_va = 0x6d3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2233
start_va = 0x1440000
end_va = 0x14cdfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 2234
start_va = 0x7ffaaaea0000
end_va = 0x7ffaaaf39fff
monitored = 0
entry_point = 0x7ffaaaebada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2235
start_va = 0x6e0000
end_va = 0x6f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 2236
start_va = 0x7ffab0d90000
end_va = 0x7ffab0dc1fff
monitored = 0
entry_point = 0x7ffab0d9b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 2237
start_va = 0x2800000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2238
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2239
start_va = 0x7ffaaadf0000
end_va = 0x7ffaaae8afff
monitored = 0
entry_point = 0x7ffaaadf7220
region_type = mapped_file
name = "settingsync.dll"
filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll")
Region:
id = 2240
start_va = 0x14d0000
end_va = 0x14d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014d0000"
filename = ""
Region:
id = 2241
start_va = 0x2900000
end_va = 0x29dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2242
start_va = 0x7ffaaadb0000
end_va = 0x7ffaaadc0fff
monitored = 0
entry_point = 0x7ffaaadb28d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 2243
start_va = 0x29e0000
end_va = 0x2adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 2244
start_va = 0x2380000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 2248
start_va = 0x7ffaac2a0000
end_va = 0x7ffaac319fff
monitored = 0
entry_point = 0x7ffaac2c7630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2329
start_va = 0x7ffab2590000
end_va = 0x7ffab2628fff
monitored = 0
entry_point = 0x7ffab25bf4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2330
start_va = 0x14e0000
end_va = 0x14e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014e0000"
filename = ""
Region:
id = 2331
start_va = 0x14e0000
end_va = 0x14e1fff
monitored = 0
entry_point = 0x14e5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2332
start_va = 0x14f0000
end_va = 0x14f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2351
start_va = 0x7ffaaad10000
end_va = 0x7ffaaad1dfff
monitored = 0
entry_point = 0x7ffaaad11460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2389
start_va = 0x7ffaab2d0000
end_va = 0x7ffaab38ffff
monitored = 0
entry_point = 0x7ffaab2ffd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2390
start_va = 0x14e0000
end_va = 0x14e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 2420
start_va = 0x14e0000
end_va = 0x14e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000014e0000"
filename = ""
Region:
id = 2431
start_va = 0x7ffaaa6d0000
end_va = 0x7ffaaa721fff
monitored = 0
entry_point = 0x7ffaaa6d38e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 2434
start_va = 0x7ffaaa6a0000
end_va = 0x7ffaaa6ccfff
monitored = 0
entry_point = 0x7ffaaa6a2290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 2435
start_va = 0x7ffaaa690000
end_va = 0x7ffaaa698fff
monitored = 0
entry_point = 0x7ffaaa691ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 2436
start_va = 0x7ffaab500000
end_va = 0x7ffaab537fff
monitored = 0
entry_point = 0x7ffaab518cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2437
start_va = 0x7ffaaa680000
end_va = 0x7ffaaa68ffff
monitored = 0
entry_point = 0x7ffaaa681700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 2438
start_va = 0x7ffab3310000
end_va = 0x7ffab3395fff
monitored = 0
entry_point = 0x7ffab331d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2439
start_va = 0x7ffab1450000
end_va = 0x7ffab1481fff
monitored = 0
entry_point = 0x7ffab1462340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 2462
start_va = 0x14e0000
end_va = 0x14e1fff
monitored = 0
entry_point = 0x14e5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2463
start_va = 0x7ffaaa610000
end_va = 0x7ffaaa653fff
monitored = 0
entry_point = 0x7ffaaa61c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2464
start_va = 0x7ffaaffa0000
end_va = 0x7ffab005dfff
monitored = 0
entry_point = 0x7ffaaffe2d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2465
start_va = 0x14f0000
end_va = 0x14f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2469
start_va = 0x1500000
end_va = 0x1500fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001500000"
filename = ""
Region:
id = 2471
start_va = 0x2ae0000
end_va = 0x2bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Thread:
id = 142
os_tid = 0x358
Thread:
id = 143
os_tid = 0x384
Thread:
id = 144
os_tid = 0x3dc
Thread:
id = 145
os_tid = 0x148
Thread:
id = 146
os_tid = 0x1b4
Thread:
id = 147
os_tid = 0x1b0
Thread:
id = 148
os_tid = 0x16c
Thread:
id = 149
os_tid = 0x250
Thread:
id = 150
os_tid = 0x258
Thread:
id = 151
os_tid = 0x8
Thread:
id = 152
os_tid = 0x280
Thread:
id = 153
os_tid = 0x28c
Thread:
id = 154
os_tid = 0x2a8
Thread:
id = 155
os_tid = 0x2c4
Thread:
id = 156
os_tid = 0x2e0
Thread:
id = 157
os_tid = 0x124
Thread:
id = 158
os_tid = 0x418
Thread:
id = 159
os_tid = 0x41c
Thread:
id = 160
os_tid = 0x420
Thread:
id = 161
os_tid = 0x42c
Thread:
id = 162
os_tid = 0x430
Thread:
id = 163
os_tid = 0x480
Thread:
id = 164
os_tid = 0x498
Thread:
id = 165
os_tid = 0x4dc
Thread:
id = 166
os_tid = 0x4e0
Thread:
id = 167
os_tid = 0x4e8
Thread:
id = 169
os_tid = 0x4a4
Thread:
id = 170
os_tid = 0x55c
Thread:
id = 194
os_tid = 0x564
Thread:
id = 202
os_tid = 0x600
Thread:
id = 204
os_tid = 0x634
Process:
id = "11"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x2e8f1000"
os_pid = "0x488"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x354"
cmd_line = "taskhostw.exe SYSTEM"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b255" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2192
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2193
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2194
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2195
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2196
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2197
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2198
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2199
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2200
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2201
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2202
start_va = 0x7ff68ea70000
end_va = 0x7ff68ea88fff
monitored = 0
entry_point = 0x7ff68ea759b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 2203
start_va = 0x7ffab60b0000
end_va = 0x7ffab6270fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2217
start_va = 0x400000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2218
start_va = 0x7ffab4070000
end_va = 0x7ffab411cfff
monitored = 0
entry_point = 0x7ffab40881a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2219
start_va = 0x7ffab2db0000
end_va = 0x7ffab2f97fff
monitored = 0
entry_point = 0x7ffab2ddba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2220
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2221
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2222
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2223
start_va = 0x7ffab4ab0000
end_va = 0x7ffab4b4cfff
monitored = 0
entry_point = 0x7ffab4ab78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2224
start_va = 0x550000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 2225
start_va = 0x7ffab4700000
end_va = 0x7ffab481bfff
monitored = 0
entry_point = 0x7ffab47402b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2226
start_va = 0x7ffab34d0000
end_va = 0x7ffab374cfff
monitored = 0
entry_point = 0x7ffab35a4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2227
start_va = 0x7ffab3250000
end_va = 0x7ffab32b9fff
monitored = 0
entry_point = 0x7ffab3286d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2228
start_va = 0x7ffab4930000
end_va = 0x7ffab49f0fff
monitored = 0
entry_point = 0x7ffab4950da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2245
start_va = 0x5d0000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 2246
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2247
start_va = 0x640000
end_va = 0x782fff
monitored = 0
entry_point = 0x668210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2403
start_va = 0x640000
end_va = 0x71cfff
monitored = 0
entry_point = 0x69e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2404
start_va = 0x7ffab2720000
end_va = 0x7ffab272efff
monitored = 0
entry_point = 0x7ffab2723210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2405
start_va = 0x7ffab4280000
end_va = 0x7ffab43d5fff
monitored = 0
entry_point = 0x7ffab428a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2406
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2407
start_va = 0x7ffab3d30000
end_va = 0x7ffab3eb5fff
monitored = 0
entry_point = 0x7ffab3d7ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2440
start_va = 0x640000
end_va = 0x7c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 2441
start_va = 0x7d0000
end_va = 0x950fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 2442
start_va = 0x960000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000960000"
filename = ""
Region:
id = 2443
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 2459
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2460
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2461
start_va = 0x7ffab3750000
end_va = 0x7ffab37aafff
monitored = 0
entry_point = 0x7ffab37638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Thread:
id = 168
os_tid = 0x48c
Thread:
id = 171
os_tid = 0x4ec
Process:
id = "12"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x744a3000"
os_pid = "0x3bc"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "10"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d0e0" [0xc000000f], "LOCAL" [0x7]
Region:
id = 2249
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2250
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2251
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2252
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2253
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2254
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2255
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2256
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2257
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2258
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2259
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2260
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2261
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2262
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2263
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 2264
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 2265
start_va = 0x550000
end_va = 0x598fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 2266
start_va = 0x5e0000
end_va = 0x5e6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 2267
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 2268
start_va = 0x700000
end_va = 0x887fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 2269
start_va = 0x8f0000
end_va = 0x8f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 2270
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 2271
start_va = 0xa00000
end_va = 0xb80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 2272
start_va = 0xc50000
end_va = 0xc56fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 2273
start_va = 0xd00000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d00000"
filename = ""
Region:
id = 2274
start_va = 0xe00000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 2275
start_va = 0x1000000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 2276
start_va = 0x1100000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 2277
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 2278
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 2279
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2280
start_va = 0x1500000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 2281
start_va = 0x1600000
end_va = 0x25fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 2282
start_va = 0x2600000
end_va = 0x2936fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2283
start_va = 0x2970000
end_va = 0x29effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002970000"
filename = ""
Region:
id = 2284
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 2285
start_va = 0x2c00000
end_va = 0x2cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 2286
start_va = 0x2d00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 2287
start_va = 0x2e00000
end_va = 0x35fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-s-1-5-18.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-18.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-18.dat")
Region:
id = 2288
start_va = 0x3700000
end_va = 0x37fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003700000"
filename = ""
Region:
id = 2289
start_va = 0x3900000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 2290
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2291
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2292
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2293
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2294
start_va = 0x7ff79a2e0000
end_va = 0x7ff79a2ecfff
monitored = 0
entry_point = 0x7ff79a2e3980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2295
start_va = 0x7ffaaad20000
end_va = 0x7ffaaadaafff
monitored = 0
entry_point = 0x7ffaaad3d2a0
region_type = mapped_file
name = "netprofmsvc.dll"
filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")
Region:
id = 2296
start_va = 0x7ffaab2c0000
end_va = 0x7ffaab2ccfff
monitored = 0
entry_point = 0x7ffaab2c2650
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 2297
start_va = 0x7ffaac1c0000
end_va = 0x7ffaac1cbfff
monitored = 0
entry_point = 0x7ffaac1c14d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2298
start_va = 0x7ffaac2a0000
end_va = 0x7ffaac319fff
monitored = 0
entry_point = 0x7ffaac2c7630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2299
start_va = 0x7ffaacad0000
end_va = 0x7ffaacaf8fff
monitored = 0
entry_point = 0x7ffaacae24d0
region_type = mapped_file
name = "fontprovider.dll"
filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")
Region:
id = 2300
start_va = 0x7ffaacb00000
end_va = 0x7ffaacca1fff
monitored = 0
entry_point = 0x7ffaacb4c2d0
region_type = mapped_file
name = "fntcache.dll"
filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")
Region:
id = 2301
start_va = 0x7ffaacd70000
end_va = 0x7ffaacdb9fff
monitored = 0
entry_point = 0x7ffaacd7ac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 2302
start_va = 0x7ffaacdc0000
end_va = 0x7ffaace51fff
monitored = 0
entry_point = 0x7ffaace0a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2303
start_va = 0x7ffaace60000
end_va = 0x7ffaace92fff
monitored = 0
entry_point = 0x7ffaace6d5a0
region_type = mapped_file
name = "biwinrt.dll"
filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")
Region:
id = 2304
start_va = 0x7ffaacea0000
end_va = 0x7ffaacf18fff
monitored = 0
entry_point = 0x7ffaaceb7800
region_type = mapped_file
name = "geolocation.dll"
filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")
Region:
id = 2305
start_va = 0x7ffaacf20000
end_va = 0x7ffaacf39fff
monitored = 0
entry_point = 0x7ffaacf2b670
region_type = mapped_file
name = "tzautoupdate.dll"
filename = "\\Windows\\System32\\tzautoupdate.dll" (normalized: "c:\\windows\\system32\\tzautoupdate.dll")
Region:
id = 2306
start_va = 0x7ffaad420000
end_va = 0x7ffaad437fff
monitored = 0
entry_point = 0x7ffaad425910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2307
start_va = 0x7ffaad5c0000
end_va = 0x7ffaad5f5fff
monitored = 0
entry_point = 0x7ffaad5d0070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2308
start_va = 0x7ffab11f0000
end_va = 0x7ffab12effff
monitored = 0
entry_point = 0x7ffab1230f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2309
start_va = 0x7ffab1870000
end_va = 0x7ffab1963fff
monitored = 0
entry_point = 0x7ffab187a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2310
start_va = 0x7ffab1e90000
end_va = 0x7ffab1eaefff
monitored = 0
entry_point = 0x7ffab1e95d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2311
start_va = 0x7ffab2560000
end_va = 0x7ffab2588fff
monitored = 0
entry_point = 0x7ffab2574530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2312
start_va = 0x7ffab2720000
end_va = 0x7ffab272efff
monitored = 0
entry_point = 0x7ffab2723210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2313
start_va = 0x7ffab2730000
end_va = 0x7ffab2743fff
monitored = 0
entry_point = 0x7ffab27352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2314
start_va = 0x7ffab2db0000
end_va = 0x7ffab2f97fff
monitored = 0
entry_point = 0x7ffab2ddba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2315
start_va = 0x7ffab2fa0000
end_va = 0x7ffab3054fff
monitored = 0
entry_point = 0x7ffab2fe22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2316
start_va = 0x7ffab3250000
end_va = 0x7ffab32b9fff
monitored = 0
entry_point = 0x7ffab3286d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2317
start_va = 0x7ffab34d0000
end_va = 0x7ffab374cfff
monitored = 0
entry_point = 0x7ffab35a4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2318
start_va = 0x7ffab3750000
end_va = 0x7ffab37aafff
monitored = 0
entry_point = 0x7ffab37638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2319
start_va = 0x7ffab3d30000
end_va = 0x7ffab3eb5fff
monitored = 0
entry_point = 0x7ffab3d7ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2320
start_va = 0x7ffab4070000
end_va = 0x7ffab411cfff
monitored = 0
entry_point = 0x7ffab40881a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2321
start_va = 0x7ffab4280000
end_va = 0x7ffab43d5fff
monitored = 0
entry_point = 0x7ffab428a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2322
start_va = 0x7ffab4530000
end_va = 0x7ffab4537fff
monitored = 0
entry_point = 0x7ffab4531ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2323
start_va = 0x7ffab4700000
end_va = 0x7ffab481bfff
monitored = 0
entry_point = 0x7ffab47402b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2324
start_va = 0x7ffab4880000
end_va = 0x7ffab4926fff
monitored = 0
entry_point = 0x7ffab48958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2325
start_va = 0x7ffab4930000
end_va = 0x7ffab49f0fff
monitored = 0
entry_point = 0x7ffab4950da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2326
start_va = 0x7ffab4a00000
end_va = 0x7ffab4aa6fff
monitored = 0
entry_point = 0x7ffab4a0b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2327
start_va = 0x7ffab4ab0000
end_va = 0x7ffab4b4cfff
monitored = 0
entry_point = 0x7ffab4ab78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2328
start_va = 0x7ffab60b0000
end_va = 0x7ffab6270fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2333
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 2345
start_va = 0x5a0000
end_va = 0x5a1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netprofmsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui")
Region:
id = 2346
start_va = 0x3b00000
end_va = 0x3bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b00000"
filename = ""
Region:
id = 2347
start_va = 0x3c00000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 2348
start_va = 0x3d00000
end_va = 0x3dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d00000"
filename = ""
Region:
id = 2349
start_va = 0x3e00000
end_va = 0x3efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e00000"
filename = ""
Region:
id = 2350
start_va = 0x7ffaaad10000
end_va = 0x7ffaaad1dfff
monitored = 0
entry_point = 0x7ffaaad11460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2352
start_va = 0x7ffab3be0000
end_va = 0x7ffab3d22fff
monitored = 0
entry_point = 0x7ffab3c08210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2353
start_va = 0x5b0000
end_va = 0x5ddfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 2454
start_va = 0x3f00000
end_va = 0x40fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Region:
id = 2455
start_va = 0x3f00000
end_va = 0x3ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Thread:
id = 172
os_tid = 0x56c
Thread:
id = 173
os_tid = 0x4d8
Thread:
id = 174
os_tid = 0x428
Thread:
id = 175
os_tid = 0x1c8
Thread:
id = 176
os_tid = 0x170
Thread:
id = 177
os_tid = 0x174
Thread:
id = 178
os_tid = 0x158
Thread:
id = 179
os_tid = 0x160
Thread:
id = 180
os_tid = 0x150
Thread:
id = 181
os_tid = 0x3c8
Thread:
id = 182
os_tid = 0x3c0
Thread:
id = 183
os_tid = 0x570
Thread:
id = 185
os_tid = 0x580
Thread:
id = 186
os_tid = 0x584
Thread:
id = 187
os_tid = 0x588
Thread:
id = 188
os_tid = 0x58c
Process:
id = "13"
image_name = "sihost.exe"
filename = "c:\\windows\\system32\\sihost.exe"
page_root = "0x2d3ed000"
os_pid = "0x578"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x354"
cmd_line = "sihost.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd13" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2334
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2335
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2336
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2337
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2338
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2339
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2340
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2341
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2342
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2343
start_va = 0x7ff76c420000
end_va = 0x7ff76c435fff
monitored = 0
entry_point = 0x7ff76c425190
region_type = mapped_file
name = "sihost.exe"
filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")
Region:
id = 2344
start_va = 0x7ffab60b0000
end_va = 0x7ffab6270fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2354
start_va = 0x400000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2355
start_va = 0x7ffab4070000
end_va = 0x7ffab411cfff
monitored = 0
entry_point = 0x7ffab40881a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2356
start_va = 0x7ffab2db0000
end_va = 0x7ffab2f97fff
monitored = 0
entry_point = 0x7ffab2ddba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2357
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2358
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2359
start_va = 0xf0000
end_va = 0x1adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2360
start_va = 0x7ffab4ab0000
end_va = 0x7ffab4b4cfff
monitored = 0
entry_point = 0x7ffab4ab78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2361
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2362
start_va = 0x580000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2363
start_va = 0x7ffab34d0000
end_va = 0x7ffab374cfff
monitored = 0
entry_point = 0x7ffab35a4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2364
start_va = 0x7ffab4700000
end_va = 0x7ffab481bfff
monitored = 0
entry_point = 0x7ffab47402b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2365
start_va = 0x7ffab3250000
end_va = 0x7ffab32b9fff
monitored = 0
entry_point = 0x7ffab3286d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2366
start_va = 0x7ffab3750000
end_va = 0x7ffab37aafff
monitored = 0
entry_point = 0x7ffab37638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2367
start_va = 0x7ffab4880000
end_va = 0x7ffab4926fff
monitored = 0
entry_point = 0x7ffab48958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2368
start_va = 0x7ffab1c20000
end_va = 0x7ffab1c50fff
monitored = 0
entry_point = 0x7ffab1c27d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2369
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2370
start_va = 0x7ffaaffa0000
end_va = 0x7ffab005dfff
monitored = 0
entry_point = 0x7ffaaffe2d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2371
start_va = 0x480000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2372
start_va = 0x7ffaaa9d0000
end_va = 0x7ffaaac57fff
monitored = 0
entry_point = 0x7ffaaaa2f670
region_type = mapped_file
name = "coreuicomponents.dll"
filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")
Region:
id = 2373
start_va = 0x7ffab2720000
end_va = 0x7ffab272efff
monitored = 0
entry_point = 0x7ffab2723210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2374
start_va = 0x7ffab4280000
end_va = 0x7ffab43d5fff
monitored = 0
entry_point = 0x7ffab428a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2375
start_va = 0x7ffab3d30000
end_va = 0x7ffab3eb5fff
monitored = 0
entry_point = 0x7ffab3d7ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2376
start_va = 0x7ffab2fa0000
end_va = 0x7ffab3054fff
monitored = 0
entry_point = 0x7ffab2fe22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2377
start_va = 0x7ffaae3a0000
end_va = 0x7ffaae4d5fff
monitored = 0
entry_point = 0x7ffaae3cf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2378
start_va = 0x680000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 2379
start_va = 0x1b0000
end_va = 0x1b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 2380
start_va = 0x1c0000
end_va = 0x1f8fff
monitored = 0
entry_point = 0x1c12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2381
start_va = 0x680000
end_va = 0x807fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 2382
start_va = 0x810000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2383
start_va = 0x7ffab4540000
end_va = 0x7ffab457afff
monitored = 0
entry_point = 0x7ffab45412f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2384
start_va = 0x820000
end_va = 0x9a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 2385
start_va = 0x9b0000
end_va = 0x1daffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009b0000"
filename = ""
Region:
id = 2386
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2387
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2388
start_va = 0x1db0000
end_va = 0x1e8cfff
monitored = 0
entry_point = 0x1e0e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2391
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2392
start_va = 0x7ffab4a00000
end_va = 0x7ffab4aa6fff
monitored = 0
entry_point = 0x7ffab4a0b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2393
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2394
start_va = 0x7ffaaa9b0000
end_va = 0x7ffaaa9cdfff
monitored = 0
entry_point = 0x7ffaaa9b5340
region_type = mapped_file
name = "desktopshellext.dll"
filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll")
Region:
id = 2395
start_va = 0x7ffaaa990000
end_va = 0x7ffaaa9a1fff
monitored = 0
entry_point = 0x7ffaaa995110
region_type = mapped_file
name = "windows.shell.servicehostbuilder.dll"
filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll")
Region:
id = 2396
start_va = 0x1db0000
end_va = 0x1eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001db0000"
filename = ""
Region:
id = 2397
start_va = 0x1eb0000
end_va = 0x1f8cfff
monitored = 0
entry_point = 0x1f0e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2398
start_va = 0x500000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 2399
start_va = 0x1eb0000
end_va = 0x1f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001eb0000"
filename = ""
Region:
id = 2400
start_va = 0x1f30000
end_va = 0x1faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f30000"
filename = ""
Region:
id = 2401
start_va = 0x7ffab0680000
end_va = 0x7ffab0b12fff
monitored = 0
entry_point = 0x7ffab068f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2402
start_va = 0x7ffaaa8b0000
end_va = 0x7ffaaa989fff
monitored = 0
entry_point = 0x7ffaaa9003b0
region_type = mapped_file
name = "modernexecserver.dll"
filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll")
Region:
id = 2408
start_va = 0x7ffab4930000
end_va = 0x7ffab49f0fff
monitored = 0
entry_point = 0x7ffab4950da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2409
start_va = 0x7ffab26d0000
end_va = 0x7ffab271afff
monitored = 0
entry_point = 0x7ffab26d35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2410
start_va = 0x7ffab1490000
end_va = 0x7ffab14b9fff
monitored = 0
entry_point = 0x7ffab1498b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2411
start_va = 0x7ffaaa860000
end_va = 0x7ffaaa8aafff
monitored = 0
entry_point = 0x7ffaaa877b70
region_type = mapped_file
name = "veeventdispatcher.dll"
filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")
Region:
id = 2412
start_va = 0x7ffab11f0000
end_va = 0x7ffab12effff
monitored = 0
entry_point = 0x7ffab1230f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2413
start_va = 0x7ffab2560000
end_va = 0x7ffab2588fff
monitored = 0
entry_point = 0x7ffab2574530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2414
start_va = 0x7ffaacdc0000
end_va = 0x7ffaace51fff
monitored = 0
entry_point = 0x7ffaace0a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2415
start_va = 0x1fb0000
end_va = 0x20f2fff
monitored = 0
entry_point = 0x1fd8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2416
start_va = 0x1fb0000
end_va = 0x208ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2417
start_va = 0x2090000
end_va = 0x210ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002090000"
filename = ""
Region:
id = 2418
start_va = 0x7ffab1050000
end_va = 0x7ffab10e5fff
monitored = 0
entry_point = 0x7ffab1075570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2419
start_va = 0x2110000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 2421
start_va = 0x7ffaaa7c0000
end_va = 0x7ffaaa7f0fff
monitored = 0
entry_point = 0x7ffaaa7c3400
region_type = mapped_file
name = "clipboardserver.dll"
filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll")
Region:
id = 2422
start_va = 0x7ffaaa760000
end_va = 0x7ffaaa7bcfff
monitored = 0
entry_point = 0x7ffaaa770080
region_type = mapped_file
name = "activationmanager.dll"
filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll")
Region:
id = 2423
start_va = 0x7ffaaa730000
end_va = 0x7ffaaa752fff
monitored = 0
entry_point = 0x7ffaaa733020
region_type = mapped_file
name = "appointmentactivation.dll"
filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll")
Region:
id = 2424
start_va = 0x2130000
end_va = 0x21affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 2425
start_va = 0x7ffab3be0000
end_va = 0x7ffab3d22fff
monitored = 0
entry_point = 0x7ffab3c08210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2426
start_va = 0x7ffaab690000
end_va = 0x7ffaab6d0fff
monitored = 0
entry_point = 0x7ffaab694840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2427
start_va = 0x21b0000
end_va = 0x222ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021b0000"
filename = ""
Region:
id = 2428
start_va = 0x7ffaac8e0000
end_va = 0x7ffaac8effff
monitored = 0
entry_point = 0x7ffaac8e2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2429
start_va = 0x2230000
end_va = 0x232ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 2430
start_va = 0x2330000
end_va = 0x2b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002330000"
filename = ""
Region:
id = 2432
start_va = 0x2b30000
end_va = 0x2baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b30000"
filename = ""
Region:
id = 2433
start_va = 0x2bb0000
end_va = 0x2c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 2444
start_va = 0x2c30000
end_va = 0x2caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c30000"
filename = ""
Region:
id = 2445
start_va = 0x7ffaaa610000
end_va = 0x7ffaaa653fff
monitored = 0
entry_point = 0x7ffaaa61c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2446
start_va = 0x7ffaacf30000
end_va = 0x7ffaacf3dfff
monitored = 0
entry_point = 0x7ffaacf32690
region_type = mapped_file
name = "notificationplatformcomponent.dll"
filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll")
Region:
id = 2447
start_va = 0x7ffaaa570000
end_va = 0x7ffaaa606fff
monitored = 0
entry_point = 0x7ffaaa584fd0
region_type = mapped_file
name = "appcontracts.dll"
filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll")
Region:
id = 2448
start_va = 0x7ffaaa4c0000
end_va = 0x7ffaaa561fff
monitored = 0
entry_point = 0x7ffaaa4c2b20
region_type = mapped_file
name = "sharehost.dll"
filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll")
Region:
id = 2449
start_va = 0x7ffab46a0000
end_va = 0x7ffab46f1fff
monitored = 0
entry_point = 0x7ffab46af530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2450
start_va = 0x7ffab2760000
end_va = 0x7ffab2da3fff
monitored = 0
entry_point = 0x7ffab29264b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2451
start_va = 0x7ffab32c0000
end_va = 0x7ffab3302fff
monitored = 0
entry_point = 0x7ffab32d4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2452
start_va = 0x7ffab2730000
end_va = 0x7ffab2743fff
monitored = 0
entry_point = 0x7ffab27352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2453
start_va = 0x7ffaacf20000
end_va = 0x7ffaacf28fff
monitored = 0
entry_point = 0x7ffaacf21480
region_type = mapped_file
name = "wpportinglibrary.dll"
filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")
Region:
id = 2456
start_va = 0x7ffaaa1e0000
end_va = 0x7ffaaa43cfff
monitored = 0
entry_point = 0x7ffaaa268610
region_type = mapped_file
name = "twinui.appcore.dll"
filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")
Region:
id = 2457
start_va = 0x2cb0000
end_va = 0x2d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 2458
start_va = 0x7ffaaa160000
end_va = 0x7ffaaa174fff
monitored = 0
entry_point = 0x7ffaaa161ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 2468
start_va = 0x2d30000
end_va = 0x2daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d30000"
filename = ""
Region:
id = 2472
start_va = 0x2db0000
end_va = 0x2e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002db0000"
filename = ""
Thread:
id = 184
os_tid = 0x57c
Thread:
id = 189
os_tid = 0x590
Thread:
id = 190
os_tid = 0x59c
Thread:
id = 191
os_tid = 0x5a4
Thread:
id = 192
os_tid = 0x5a8
Thread:
id = 193
os_tid = 0x5ac
Thread:
id = 195
os_tid = 0x5b0
Thread:
id = 196
os_tid = 0x5b4
Thread:
id = 197
os_tid = 0x5bc
Thread:
id = 198
os_tid = 0x5c8
Thread:
id = 199
os_tid = 0x5cc
Thread:
id = 200
os_tid = 0x5e4
Thread:
id = 201
os_tid = 0x5f8
Thread:
id = 203
os_tid = 0x614
Thread:
id = 205
os_tid = 0x638