# Flog Txt Version 1 # Analyzer Version: 2023.3.1 # Analyzer Build Date: Jul 17 2023 06:23:22 # Log Creation Date: 25.08.2023 08:41:18.005 Process: id = "1" image_name = "6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe" page_root = "0x6c44d000" os_pid = "0xca4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7e8" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fdef" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 124 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 125 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 126 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 127 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 128 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 129 start_va = 0x1a0000 end_va = 0x1a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 130 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 131 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 132 start_va = 0x870000 end_va = 0xfcdfff monitored = 1 entry_point = 0xf621a7 region_type = mapped_file name = "6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe") Region: id = 133 start_va = 0xfd0000 end_va = 0xfd1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 134 start_va = 0x77170000 end_va = 0x772eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 135 start_va = 0x7f220000 end_va = 0x7f242fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f220000" filename = "" Region: id = 136 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 137 start_va = 0x7fff0000 end_va = 0x7ffa7be7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 138 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 139 start_va = 0x7ffa7c041000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa7c041000" filename = "" Region: id = 278 start_va = 0x400000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 279 start_va = 0x68470000 end_va = 0x684bffff monitored = 0 entry_point = 0x68488180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 280 start_va = 0x683f0000 end_va = 0x68469fff monitored = 0 entry_point = 0x68403290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 281 start_va = 0x76be0000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76bf3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 282 start_va = 0x684c0000 end_va = 0x684c7fff monitored = 0 entry_point = 0x684c17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 283 start_va = 0xfe0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 284 start_va = 0x6f7f0000 end_va = 0x6f848fff monitored = 1 entry_point = 0x6f800780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 285 start_va = 0x76be0000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76bf3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 286 start_va = 0x75e30000 end_va = 0x75fadfff monitored = 0 entry_point = 0x75ee1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 287 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 288 start_va = 0x7f120000 end_va = 0x7f21ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f120000" filename = "" Region: id = 289 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 290 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 291 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 292 start_va = 0x73df0000 end_va = 0x73e81fff monitored = 0 entry_point = 0x73e30380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 293 start_va = 0x7ed70000 end_va = 0x7f110fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 294 start_va = 0xfe0000 end_va = 0xfe3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 295 start_va = 0x1000000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 296 start_va = 0x76ff0000 end_va = 0x7706afff monitored = 0 entry_point = 0x7700e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 297 start_va = 0x76070000 end_va = 0x7612dfff monitored = 0 entry_point = 0x760a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 298 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 299 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 300 start_va = 0x75880000 end_va = 0x758c3fff monitored = 0 entry_point = 0x75899d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 301 start_va = 0x75fc0000 end_va = 0x7606cfff monitored = 0 entry_point = 0x75fd4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 302 start_va = 0x73ea0000 end_va = 0x73ebdfff monitored = 0 entry_point = 0x73eab640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 303 start_va = 0x73e90000 end_va = 0x73e99fff monitored = 0 entry_point = 0x73e92a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 304 start_va = 0x76ce0000 end_va = 0x76d37fff monitored = 0 entry_point = 0x76d225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 305 start_va = 0x1100000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 306 start_va = 0x6f770000 end_va = 0x6f7ecfff monitored = 1 entry_point = 0x6f780db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 307 start_va = 0x75990000 end_va = 0x759d4fff monitored = 0 entry_point = 0x759ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 308 start_va = 0x75a80000 end_va = 0x75c3cfff monitored = 0 entry_point = 0x75b62a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 309 start_va = 0x76d40000 end_va = 0x76e8efff monitored = 0 entry_point = 0x76df6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 310 start_va = 0x73ec0000 end_va = 0x74006fff monitored = 0 entry_point = 0x73ed1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 311 start_va = 0x6c0000 end_va = 0x847fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 312 start_va = 0x1100000 end_va = 0x1129fff monitored = 0 entry_point = 0x1105680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 313 start_va = 0x1230000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 314 start_va = 0x75c40000 end_va = 0x75c6afff monitored = 0 entry_point = 0x75c45680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 315 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 316 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 317 start_va = 0x1240000 end_va = 0x13c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001240000" filename = "" Region: id = 318 start_va = 0x13d0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013d0000" filename = "" Region: id = 319 start_va = 0x27d0000 end_va = 0x2f27fff monitored = 1 entry_point = 0x2ec21a7 region_type = mapped_file name = "6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe") Region: id = 320 start_va = 0x759e0000 end_va = 0x759ebfff monitored = 0 entry_point = 0x759e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 321 start_va = 0x6f760000 end_va = 0x6f767fff monitored = 0 entry_point = 0x6f7617b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 322 start_va = 0x6f070000 end_va = 0x6f750fff monitored = 1 entry_point = 0x6f09cd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 323 start_va = 0x6ef70000 end_va = 0x6f064fff monitored = 0 entry_point = 0x6efc4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 324 start_va = 0xff0000 end_va = 0xff0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 325 start_va = 0x1100000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 326 start_va = 0x1110000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 327 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 328 start_va = 0x1130000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 329 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 330 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 331 start_va = 0x1160000 end_va = 0x1160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 332 start_va = 0x1170000 end_va = 0x1170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 333 start_va = 0x27d0000 end_va = 0x299ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 334 start_va = 0x1180000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 335 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 336 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 337 start_va = 0x2990000 end_va = 0x299ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 338 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 339 start_va = 0x11b0000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 340 start_va = 0x29a0000 end_va = 0x499ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 341 start_va = 0x28d0000 end_va = 0x296ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 342 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 343 start_va = 0x49a0000 end_va = 0x4a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049a0000" filename = "" Region: id = 344 start_va = 0x4aa0000 end_va = 0x4dd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 345 start_va = 0x6dcb0000 end_va = 0x6ef61fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 346 start_va = 0x76f00000 end_va = 0x76feafff monitored = 0 entry_point = 0x76f3d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 347 start_va = 0x4de0000 end_va = 0x4e70fff monitored = 0 entry_point = 0x4e18cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 348 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 349 start_va = 0x6dc30000 end_va = 0x6dcaffff monitored = 1 entry_point = 0x6dc31180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 350 start_va = 0x76610000 end_va = 0x766a1fff monitored = 0 entry_point = 0x76648cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 351 start_va = 0x1190000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 352 start_va = 0x11a0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 353 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 354 start_va = 0x11a0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 355 start_va = 0x711a0000 end_va = 0x711b2fff monitored = 0 entry_point = 0x711a9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 356 start_va = 0x6ff90000 end_va = 0x6ffbefff monitored = 0 entry_point = 0x6ffa95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 357 start_va = 0x714e0000 end_va = 0x714fafff monitored = 0 entry_point = 0x714e9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 358 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 359 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 360 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 361 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 362 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 363 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 364 start_va = 0x4de0000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 365 start_va = 0x11c0000 end_va = 0x1221fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 366 start_va = 0x550000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 367 start_va = 0x4e70000 end_va = 0x4f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 368 start_va = 0x2970000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 369 start_va = 0x2980000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 370 start_va = 0x2970000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 371 start_va = 0x6d260000 end_va = 0x6dc2bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 372 start_va = 0x6cb30000 end_va = 0x6d250fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 373 start_va = 0x2980000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 374 start_va = 0x2970000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 375 start_va = 0x2970000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 376 start_va = 0x2980000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 377 start_va = 0x2980000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Thread: id = 1 os_tid = 0xc9c [0070.963] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0072.201] RoInitialize () returned 0x1 [0072.202] RoUninitialize () returned 0x0 [0072.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d790 | out: phkResult=0x18d790*=0x0) returned 0x2 [0072.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18e80c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0074.572] EtwEventRegister (in: ProviderId=0x29b0c3c, EnableCallback=0x4e605be, CallbackContext=0x0, RegHandle=0x29b0c18 | out: RegHandle=0x29b0c18) returned 0x0 [0074.576] EtwEventSetInformation (RegHandle=0x1045958, InformationClass=0x2a, EventInformation=0x2, InformationLength=0x29b0b74) returned 0x0 [0074.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe.config", nBufferLength=0x105, lpBuffer=0x18e648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe.config", lpFilePart=0x0) returned 0x69 [0074.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eaf8) returned 1 [0074.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x18eb74 | out: lpFileInformation=0x18eb74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0074.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eaf4) returned 1 [0075.903] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x18edac | out: pfEnabled=0x18edac) returned 0x0 [0078.749] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x680c9e2d, Data2=0x810c, Data3=0x4fb7, Data4=([0]=0xa9, [1]=0xc9, [2]=0xd, [3]=0xb, [4]=0x48, [5]=0xf1, [6]=0x49, [7]=0xf))) returned 0x0 [0079.300] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x2408d796, Data2=0x3139, Data3=0x48b3, Data4=([0]=0x9e, [1]=0xac, [2]=0x9b, [3]=0xff, [4]=0xd6, [5]=0x30, [6]=0xaf, [7]=0xa4))) returned 0x0 [0079.391] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x3eb8bbf4, Data2=0x80e1, Data3=0x4f7e, Data4=([0]=0x8f, [1]=0x2, [2]=0x3d, [3]=0xcb, [4]=0xa, [5]=0x61, [6]=0x39, [7]=0x4e))) returned 0x0 [0079.413] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0xbfff7c9b, Data2=0xc3b4, Data3=0x454e, Data4=([0]=0x92, [1]=0xfa, [2]=0xac, [3]=0xbb, [4]=0xde, [5]=0x73, [6]=0x54, [7]=0xe1))) returned 0x0 [0079.564] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x76165cbe, Data2=0xdc0f, Data3=0x441a, Data4=([0]=0xbe, [1]=0x8, [2]=0x9, [3]=0x4d, [4]=0xf0, [5]=0x6, [6]=0x41, [7]=0x5e))) returned 0x0 [0079.859] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x7bfbb2a1, Data2=0x834a, Data3=0x406d, Data4=([0]=0x83, [1]=0x80, [2]=0x1a, [3]=0xd, [4]=0xac, [5]=0x5, [6]=0xfb, [7]=0xe4))) returned 0x0 [0079.966] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x4a5603f6, Data2=0x2700, Data3=0x4bd1, Data4=([0]=0xa7, [1]=0xec, [2]=0x7f, [3]=0xb0, [4]=0xa7, [5]=0xd1, [6]=0x9e, [7]=0x98))) returned 0x0 [0080.443] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0xfd3cd8f8, Data2=0xdbb7, Data3=0x43f0, Data4=([0]=0xbc, [1]=0xd9, [2]=0xe6, [3]=0x72, [4]=0xa0, [5]=0xdc, [6]=0x69, [7]=0x3f))) returned 0x0 [0080.467] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0xd57c5f72, Data2=0xa480, Data3=0x4e8b, Data4=([0]=0x87, [1]=0xc2, [2]=0xb7, [3]=0x31, [4]=0x9a, [5]=0xc1, [6]=0x6f, [7]=0xf1))) returned 0x0 [0080.651] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x74df3c1f, Data2=0xb26d, Data3=0x46a5, Data4=([0]=0xa0, [1]=0x3e, [2]=0x83, [3]=0x46, [4]=0xe2, [5]=0x2e, [6]=0x44, [7]=0xb4))) returned 0x0 [0080.746] CoCreateGuid (in: pguid=0x18c650 | out: pguid=0x18c650*(Data1=0x99458532, Data2=0x7e09, Data3=0x479f, Data4=([0]=0xbe, [1]=0x30, [2]=0x97, [3]=0x3b, [4]=0xac, [5]=0xb6, [6]=0xb4, [7]=0x4e))) returned 0x0 [0081.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", cchWideChar=53, lpMultiByteStr=0x18ec10, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe:\x18\x01ÿ~F;(ú\x07o\x88ï\x18", lpUsedDefaultChar=0x0) returned 53 [0081.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe\"", cchWideChar=55, lpMultiByteStr=0x18ebd4, cbMultiByte=57, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe\"\x01r;\x18\x01C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", lpUsedDefaultChar=0x0) returned 55 [0081.140] CreateProcessAsUserA (in: hToken=0x0, lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18ec8c*(cb=0x24, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x24, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18ed78 | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe\"", lpProcessInformation=0x18ed78*(hProcess=0x2f4, hThread=0x2f0, dwProcessId=0x234, dwThreadId=0x4ec)) returned 1 [0081.277] CoTaskMemFree (pv=0x0) [0081.288] GetThreadContext (in: hThread=0x2f0, lpContext=0x29bca70 | out: lpContext=0x29bca70*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2db000, Edx=0x0, Ecx=0x0, Eax=0x145faf0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0081.301] ReadProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x2db008, lpBuffer=0x0, nSize=0x4, lpNumberOfBytesRead=0x18edac | out: lpBuffer=0x0, lpNumberOfBytesRead=0x18edac) returned 0 [0081.413] VirtualAllocEx (hProcess=0x2f4, lpAddress=0x400000, dwSize=0x30000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0081.429] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x400000, lpBuffer=0x39fc550*, nSize=0x200, lpNumberOfBytesWritten=0x18edac | out: lpBuffer=0x39fc550*, lpNumberOfBytesWritten=0x18edac*=0x200) returned 1 [0081.580] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x402000, lpBuffer=0x3a27d70*, nSize=0x21800, lpNumberOfBytesWritten=0x18edac | out: lpBuffer=0x3a27d70*, lpNumberOfBytesWritten=0x18edac*=0x21800) returned 1 [0091.527] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x424000, lpBuffer=0x29bcd48*, nSize=0x9c00, lpNumberOfBytesWritten=0x18edac | out: lpBuffer=0x29bcd48*, lpNumberOfBytesWritten=0x18edac*=0x9c00) returned 1 [0091.713] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x42e000, lpBuffer=0x29c6954*, nSize=0x200, lpNumberOfBytesWritten=0x18edac | out: lpBuffer=0x29c6954*, lpNumberOfBytesWritten=0x18edac*=0x200) returned 1 [0091.893] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x2db008, lpBuffer=0x29c6b60*, nSize=0x4, lpNumberOfBytesWritten=0x18edac | out: lpBuffer=0x29c6b60*, lpNumberOfBytesWritten=0x18edac*=0x4) returned 1 [0092.041] SetThreadContext (hThread=0x2f0, lpContext=0x29bca70*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2db000, Edx=0x0, Ecx=0x0, Eax=0x4236ae, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0092.196] ResumeThread (hThread=0x2f0) returned 0x1 [0092.269] CoGetContextToken (in: pToken=0x18f6e0 | out: pToken=0x18f6e0) returned 0x0 [0092.269] CObjectContext::QueryInterface () returned 0x0 [0092.269] CObjectContext::GetCurrentThreadType () returned 0x0 [0092.270] Release () returned 0x0 [0092.272] CoGetContextToken (in: pToken=0x18f3fc | out: pToken=0x18f3fc) returned 0x0 [0092.272] CObjectContext::QueryInterface () returned 0x0 [0092.273] CObjectContext::GetCurrentThreadType () returned 0x0 [0092.273] Release () returned 0x0 [0092.290] CoGetContextToken (in: pToken=0x18f3fc | out: pToken=0x18f3fc) returned 0x0 [0092.290] CObjectContext::QueryInterface () returned 0x0 [0092.290] CObjectContext::GetCurrentThreadType () returned 0x0 [0092.290] Release () returned 0x0 [0092.307] CoGetContextToken (in: pToken=0x18f3fc | out: pToken=0x18f3fc) returned 0x0 [0092.307] CObjectContext::QueryInterface () returned 0x0 [0092.307] CObjectContext::GetCurrentThreadType () returned 0x0 [0092.307] Release () returned 0x0 [0092.324] CoGetContextToken (in: pToken=0x18f414 | out: pToken=0x18f414) returned 0x0 [0092.325] CObjectContext::QueryInterface () returned 0x0 [0092.325] CObjectContext::GetCurrentThreadType () returned 0x0 [0092.325] Release () returned 0x0 [0092.327] CoUninitialize () Thread: id = 2 os_tid = 0xc8c Thread: id = 3 os_tid = 0xc74 Thread: id = 4 os_tid = 0xac4 [0072.215] CoGetContextToken (in: pToken=0x4a9fc24 | out: pToken=0x4a9fc24) returned 0x0 [0072.215] CObjectContext::QueryInterface () returned 0x0 [0072.216] CObjectContext::GetCurrentThreadType () returned 0x0 [0072.216] Release () returned 0x0 [0072.216] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0072.216] RoInitialize () returned 0x1 [0072.216] RoUninitialize () returned 0x0 [0092.277] EtwEventUnregister (RegHandle=0x1045958) returned 0x0 [0092.306] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 5 os_tid = 0x10f8 Process: id = "2" image_name = "vbc.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe" page_root = "0x78b5d000" os_pid = "0x234" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xca4" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fdef" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 378 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 379 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 380 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 381 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 382 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 383 start_va = 0x970000 end_va = 0x971fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 384 start_va = 0x13d0000 end_va = 0x1661fff monitored = 1 entry_point = 0x145faf0 region_type = mapped_file name = "vbc.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe") Region: id = 385 start_va = 0x1670000 end_va = 0x566ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001670000" filename = "" Region: id = 386 start_va = 0x77170000 end_va = 0x772eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 387 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 388 start_va = 0xfec80000 end_va = 0xfeca2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fec80000" filename = "" Region: id = 389 start_va = 0xfffe0000 end_va = 0x7dfa7be7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 390 start_va = 0x7dfa7be80000 end_va = 0x7ffa7be7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfa7be80000" filename = "" Region: id = 391 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 392 start_va = 0x7ffa7c041000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa7c041000" filename = "" Region: id = 393 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 394 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 395 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 396 start_va = 0x400000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 397 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 398 start_va = 0x68470000 end_va = 0x684bffff monitored = 0 entry_point = 0x68488180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 399 start_va = 0x683f0000 end_va = 0x68469fff monitored = 0 entry_point = 0x68403290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 400 start_va = 0x76be0000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76bf3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 401 start_va = 0x684c0000 end_va = 0x684c7fff monitored = 0 entry_point = 0x684c17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 402 start_va = 0x980000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 403 start_va = 0x6f7f0000 end_va = 0x6f848fff monitored = 1 entry_point = 0x6f800780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 404 start_va = 0x76be0000 end_va = 0x76cbffff monitored = 0 entry_point = 0x76bf3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 405 start_va = 0x75e30000 end_va = 0x75fadfff monitored = 0 entry_point = 0x75ee1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 406 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 407 start_va = 0xfeb80000 end_va = 0xfec7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000feb80000" filename = "" Region: id = 408 start_va = 0x430000 end_va = 0x4edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 409 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 410 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 411 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 412 start_va = 0x980000 end_va = 0x983fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 413 start_va = 0xb30000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 414 start_va = 0x76ff0000 end_va = 0x7706afff monitored = 0 entry_point = 0x7700e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 415 start_va = 0x76070000 end_va = 0x7612dfff monitored = 0 entry_point = 0x760a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 416 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 417 start_va = 0x530000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 418 start_va = 0x75880000 end_va = 0x758c3fff monitored = 0 entry_point = 0x75899d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 419 start_va = 0x75fc0000 end_va = 0x7606cfff monitored = 0 entry_point = 0x75fd4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 420 start_va = 0x73ea0000 end_va = 0x73ebdfff monitored = 0 entry_point = 0x73eab640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 421 start_va = 0x73e90000 end_va = 0x73e99fff monitored = 0 entry_point = 0x73e92a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 422 start_va = 0x76ce0000 end_va = 0x76d37fff monitored = 0 entry_point = 0x76d225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 423 start_va = 0xc30000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 424 start_va = 0x6f770000 end_va = 0x6f7ecfff monitored = 1 entry_point = 0x6f780db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 425 start_va = 0x75990000 end_va = 0x759d4fff monitored = 0 entry_point = 0x759ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 426 start_va = 0x75a80000 end_va = 0x75c3cfff monitored = 0 entry_point = 0x75b62a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 427 start_va = 0x76d40000 end_va = 0x76e8efff monitored = 0 entry_point = 0x76df6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 428 start_va = 0x73ec0000 end_va = 0x74006fff monitored = 0 entry_point = 0x73ed1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 429 start_va = 0x630000 end_va = 0x7b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 430 start_va = 0x990000 end_va = 0x9b9fff monitored = 0 entry_point = 0x995680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 431 start_va = 0x75c40000 end_va = 0x75c6afff monitored = 0 entry_point = 0x75c45680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 432 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 433 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 434 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 435 start_va = 0x7c0000 end_va = 0x940fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 436 start_va = 0x5670000 end_va = 0x6a6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005670000" filename = "" Region: id = 437 start_va = 0x759e0000 end_va = 0x759ebfff monitored = 0 entry_point = 0x759e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 438 start_va = 0x6f760000 end_va = 0x6f767fff monitored = 0 entry_point = 0x6f7617b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 439 start_va = 0x6f070000 end_va = 0x6f750fff monitored = 1 entry_point = 0x6f09cd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 440 start_va = 0x6ef70000 end_va = 0x6f064fff monitored = 0 entry_point = 0x6efc4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 441 start_va = 0x990000 end_va = 0x990fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 442 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 443 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 444 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 445 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 446 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 447 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 448 start_va = 0xa00000 end_va = 0xa00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 449 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 450 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 451 start_va = 0xa30000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 452 start_va = 0xa30000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 453 start_va = 0xaa0000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 454 start_va = 0xc30000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 455 start_va = 0xe20000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 456 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 457 start_va = 0x6a70000 end_va = 0x8a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a70000" filename = "" Region: id = 458 start_va = 0xd30000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 459 start_va = 0xab0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 460 start_va = 0xe30000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 461 start_va = 0xf30000 end_va = 0x1266fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 462 start_va = 0x6dcb0000 end_va = 0x6ef61fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 463 start_va = 0x76f00000 end_va = 0x76feafff monitored = 0 entry_point = 0x76f3d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 464 start_va = 0x1270000 end_va = 0x1300fff monitored = 0 entry_point = 0x12a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 465 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 466 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 467 start_va = 0x6dc30000 end_va = 0x6dcaffff monitored = 1 entry_point = 0x6dc31180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 468 start_va = 0x76610000 end_va = 0x766a1fff monitored = 0 entry_point = 0x76648cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 469 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 470 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 471 start_va = 0x1270000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 472 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 473 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 474 start_va = 0xaf0000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 475 start_va = 0x8a70000 end_va = 0x8b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a70000" filename = "" Region: id = 476 start_va = 0x8b70000 end_va = 0x9b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b70000" filename = "" Region: id = 477 start_va = 0x9b70000 end_va = 0x9c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b70000" filename = "" Region: id = 478 start_va = 0x9ca0000 end_va = 0xac9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ca0000" filename = "" Region: id = 479 start_va = 0xaca0000 end_va = 0xaeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000aca0000" filename = "" Region: id = 480 start_va = 0xdd0000 end_va = 0xdd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 481 start_va = 0xaef0000 end_va = 0xbeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000aef0000" filename = "" Region: id = 482 start_va = 0xbef0000 end_va = 0xceeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bef0000" filename = "" Region: id = 483 start_va = 0xcef0000 end_va = 0xdeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cef0000" filename = "" Region: id = 484 start_va = 0x6d260000 end_va = 0x6dc2bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 485 start_va = 0x6cb30000 end_va = 0x6d250fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 486 start_va = 0x6c740000 end_va = 0x6cb22fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "windowsbase.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\9a2107b30cbb02ca475f58ed046eff63\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\9a2107b30cbb02ca475f58ed046eff63\\windowsbase.ni.dll") Region: id = 487 start_va = 0x711a0000 end_va = 0x711b2fff monitored = 0 entry_point = 0x711a9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 488 start_va = 0x6ff90000 end_va = 0x6ffbefff monitored = 0 entry_point = 0x6ffa95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 489 start_va = 0x714e0000 end_va = 0x714fafff monitored = 0 entry_point = 0x714e9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 490 start_va = 0x6bc20000 end_va = 0x6c738fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationcore.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\d7a637fdf68801e37fc897b530f9a8a6\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\d7a637fdf68801e37fc897b530f9a8a6\\presentationcore.ni.dll") Region: id = 491 start_va = 0x6a980000 end_va = 0x6bc12fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationframework.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\56617af3d6fd992497999aec2be809a4\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\56617af3d6fd992497999aec2be809a4\\presentationframework.ni.dll") Region: id = 492 start_va = 0x70b10000 end_va = 0x70d00fff monitored = 0 entry_point = 0x70bf3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 493 start_va = 0x6a7d0000 end_va = 0x6a97efff monitored = 1 entry_point = 0x6a7f4930 region_type = mapped_file name = "wpfgfx_v0400.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\wpfgfx_v0400.dll") Region: id = 494 start_va = 0x6a700000 end_va = 0x6a7c8fff monitored = 1 entry_point = 0x6a7281f0 region_type = mapped_file name = "presentationnative_v0400.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\presentationnative_v0400.dll") Region: id = 495 start_va = 0xde0000 end_va = 0xdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 496 start_va = 0xdf0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 497 start_va = 0xdf0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 498 start_va = 0xdf0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 499 start_va = 0x74480000 end_va = 0x7587efff monitored = 0 entry_point = 0x7463b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 500 start_va = 0x75de0000 end_va = 0x75e16fff monitored = 0 entry_point = 0x75de3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 501 start_va = 0x766e0000 end_va = 0x76bd8fff monitored = 0 entry_point = 0x768e7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 502 start_va = 0x770e0000 end_va = 0x7716cfff monitored = 0 entry_point = 0x77129b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 503 start_va = 0x761d0000 end_va = 0x76213fff monitored = 0 entry_point = 0x761d7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 504 start_va = 0x75fb0000 end_va = 0x75fbefff monitored = 0 entry_point = 0x75fb2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 505 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 506 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 507 start_va = 0xdf0000 end_va = 0xdf8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 508 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 509 start_va = 0xdf0000 end_va = 0xdf8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 510 start_va = 0xdf0000 end_va = 0xdf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 511 start_va = 0xdf0000 end_va = 0xdf8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 512 start_va = 0x1270000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 513 start_va = 0x12f0000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 514 start_va = 0xe500000 end_va = 0xeb01fff monitored = 1 entry_point = 0xeadddaa region_type = mapped_file name = "system.servicemodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") Region: id = 515 start_va = 0xdf0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 516 start_va = 0xe00000 end_va = 0xe0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 517 start_va = 0xe10000 end_va = 0xe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 518 start_va = 0x12b0000 end_va = 0x12bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 519 start_va = 0x6a450000 end_va = 0x6a6fefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runteb92aa12#\\9b0d0cb232dec8e57df49678532cb923\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runteb92aa12#\\9b0d0cb232dec8e57df49678532cb923\\system.runtime.serialization.ni.dll") Region: id = 520 start_va = 0x12c0000 end_va = 0x12cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 521 start_va = 0xe000000 end_va = 0xe105fff monitored = 1 entry_point = 0xe1009a2 region_type = mapped_file name = "system.identitymodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") Region: id = 522 start_va = 0x12d0000 end_va = 0x12dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 523 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 524 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 525 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 526 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 527 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 528 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 529 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 530 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 531 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 532 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 533 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 534 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 535 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 536 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 537 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 538 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 539 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 540 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 541 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 542 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 543 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 544 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 545 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 546 start_va = 0x6a430000 end_va = 0x6a44dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\cde471ea4f02c36c73581ed5681e463e\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\cde471ea4f02c36c73581ed5681e463e\\smdiagnostics.ni.dll") Region: id = 547 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 548 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 549 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 550 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 551 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 552 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 553 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 554 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 555 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 556 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 557 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 558 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 559 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 560 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 561 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 562 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 563 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 564 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 565 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 566 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 567 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 568 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 569 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 570 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 571 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 572 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 573 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 574 start_va = 0x69d10000 end_va = 0x6a42dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll") Region: id = 575 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 576 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 577 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 578 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 579 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 580 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 581 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 582 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 583 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 584 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 585 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 586 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 587 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 588 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 589 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 590 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 591 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 592 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 593 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 594 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 595 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 596 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 597 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 598 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 599 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 600 start_va = 0x69c40000 end_va = 0x69d02fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Servd1dec626#\\1348a5d04b41c614e48fe5fdb88d1cfa\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servd1dec626#\\1348a5d04b41c614e48fe5fdb88d1cfa\\system.servicemodel.internals.ni.dll") Region: id = 601 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 602 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 603 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 604 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 605 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 606 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 607 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 608 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 609 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 610 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 611 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 612 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 613 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 614 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 615 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 616 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 617 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 618 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 619 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 620 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 621 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 622 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 623 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 624 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 625 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 626 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 627 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 628 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 629 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 630 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 631 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 632 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 633 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 634 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 635 start_va = 0x69b40000 end_va = 0x69c30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll") Region: id = 636 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 637 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 638 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 639 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 640 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 641 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 642 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 643 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 644 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 645 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 646 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 647 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 648 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 649 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 650 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 651 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 652 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 653 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 654 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 655 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 656 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 657 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 658 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 659 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 660 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 661 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 662 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 663 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 664 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 665 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 666 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 667 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 668 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 669 start_va = 0x69a90000 end_va = 0x69b3efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Transactions\\69b67a0435275c1ec53e3bdf64a063b1\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.transactions\\69b67a0435275c1ec53e3bdf64a063b1\\system.transactions.ni.dll") Region: id = 670 start_va = 0x69a40000 end_va = 0x69a8afff monitored = 1 entry_point = 0x69a5f8c2 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 671 start_va = 0x1320000 end_va = 0x136bfff monitored = 1 entry_point = 0x133f8c2 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 672 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 673 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 674 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 675 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 676 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 677 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 678 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 679 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 680 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 681 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 682 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 683 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 684 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 685 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 686 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 687 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 688 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 689 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 690 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 691 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 692 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 693 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 694 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 695 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 696 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 697 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 698 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 699 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 700 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 701 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 702 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 703 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 704 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 705 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 706 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 707 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 708 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 709 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 710 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 711 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 712 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 713 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 714 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 715 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 716 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 717 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 718 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 719 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 720 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 721 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 722 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 723 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 724 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 725 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 726 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 727 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 728 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 729 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 730 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 731 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 732 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 733 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 734 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 735 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 736 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 737 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 738 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 739 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 740 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 741 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 742 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 743 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 744 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 745 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 746 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 747 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 748 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 749 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 750 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 751 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 752 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 753 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 754 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 755 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 756 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 757 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 758 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 759 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 760 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 761 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 762 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 763 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 764 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 765 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 766 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 767 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 768 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 769 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 770 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 771 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 772 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 773 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 774 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 775 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 776 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 777 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 778 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 779 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 780 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 781 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 782 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 783 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 784 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 785 start_va = 0x1350000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 786 start_va = 0x1360000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 787 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 788 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 789 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 790 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 791 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 792 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 793 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 794 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 795 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 796 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 797 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 798 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 799 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 800 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 801 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 802 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 803 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 804 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 805 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 806 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 807 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 808 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 809 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 810 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 811 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 812 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 813 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 814 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 815 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 816 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 817 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 818 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 819 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 820 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 821 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 822 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 823 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 824 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 825 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 826 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 827 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 828 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 829 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 830 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 831 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 832 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 833 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 834 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 835 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 836 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 837 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 838 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 839 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 840 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 841 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 842 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 843 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 844 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 845 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 846 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 847 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 848 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 849 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 850 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 851 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 852 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 853 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 854 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 855 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 856 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 857 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 858 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 859 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 860 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 861 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 862 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 863 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 864 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 865 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 866 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 867 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 868 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 869 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 870 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 871 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 872 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 873 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 874 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 875 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 876 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 877 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 878 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 879 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 880 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 881 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 882 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 883 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 884 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 885 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 886 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 887 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 888 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 889 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 890 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 891 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 892 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 893 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 894 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 895 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 896 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 897 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 898 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 899 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 900 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 901 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 902 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 903 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 904 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 905 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 906 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 907 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 908 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 909 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 910 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 911 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 912 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 913 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 914 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 915 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 916 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 917 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 918 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 919 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 920 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 921 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 922 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 923 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 924 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 925 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 926 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 927 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 928 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 929 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 930 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 931 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 932 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 933 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 934 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 935 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 936 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 937 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 938 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 939 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 940 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 941 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 942 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 943 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 944 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 945 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 946 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 947 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 948 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 949 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 950 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 951 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 952 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 953 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 954 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 955 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 956 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 957 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 958 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 959 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 960 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 961 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 962 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 963 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 964 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 965 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 966 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 967 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 968 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 969 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 970 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 971 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 972 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 973 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 974 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 975 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 976 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 977 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 978 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 979 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 980 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 981 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 982 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 983 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 984 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 985 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 986 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 987 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 988 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 989 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 990 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 991 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 992 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 993 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 994 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 995 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 996 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 997 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 998 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 999 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1000 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1001 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1002 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1003 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1004 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1005 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1006 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1007 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1008 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1009 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1010 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1011 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1012 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1013 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1014 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1015 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1016 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1017 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1018 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1019 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1020 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1021 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1022 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1023 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1024 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1025 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1026 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1027 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1028 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1029 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1030 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1031 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1032 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1033 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1034 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1035 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1036 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1037 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1038 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1039 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1040 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1041 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1042 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1043 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1044 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1045 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1046 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1047 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1048 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1049 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1050 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1051 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1052 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1053 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1054 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1055 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1056 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1057 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1058 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1059 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1060 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1061 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1062 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1063 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1064 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1065 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1066 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1067 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1068 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1069 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1070 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1071 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1072 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1073 start_va = 0x1320000 end_va = 0x132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 1074 start_va = 0x1330000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 1075 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1076 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1077 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1078 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1079 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1080 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1081 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1082 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1083 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1084 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1085 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1086 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1087 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1088 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1089 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1090 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1091 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1092 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1093 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1094 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1095 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1096 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1097 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1098 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1099 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1100 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1101 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1102 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1103 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1104 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1105 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1106 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1107 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1108 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1109 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1110 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1111 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1112 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1113 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1114 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1115 start_va = 0x1310000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1116 start_va = 0x8a70000 end_va = 0x8b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a70000" filename = "" Region: id = 1117 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1118 start_va = 0x1350000 end_va = 0x138ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 1119 start_va = 0xdef0000 end_va = 0xdfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000def0000" filename = "" Region: id = 1120 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1121 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1122 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1123 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1124 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1125 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1126 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1127 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1128 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1129 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1130 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1131 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1132 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1133 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1134 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1135 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1136 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1137 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1138 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1139 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1140 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1141 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1142 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1143 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1144 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1145 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1146 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1147 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1148 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1149 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1150 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1151 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1152 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1153 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1154 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1155 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1156 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1157 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1158 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1159 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1160 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1161 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1162 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1163 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1164 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1165 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1166 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1167 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1168 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1169 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1170 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1171 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1172 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1173 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1174 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1175 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1176 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1177 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1178 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1179 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1180 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1181 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1182 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1183 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1184 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1185 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1186 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1187 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1188 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1189 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1190 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1191 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1192 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1193 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1194 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1195 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1196 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1197 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1198 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1199 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1200 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1201 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1202 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1203 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1204 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1205 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1206 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1207 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1208 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1209 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1210 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1211 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1212 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1213 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1214 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1215 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1216 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1217 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1218 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1219 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1220 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1221 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1222 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1223 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1224 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1225 start_va = 0x1390000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 1226 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1227 start_va = 0x13a0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1228 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1229 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1230 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1231 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1232 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1233 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1234 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1235 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1236 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1237 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1238 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1239 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1240 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1241 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1242 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1243 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1244 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1245 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1246 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1247 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1248 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1249 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1250 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1251 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1252 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1253 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1254 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1255 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1256 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1257 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1258 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1259 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1260 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1261 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1262 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1263 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1264 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1265 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1266 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1267 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1268 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1269 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1270 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1271 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1272 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1273 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1274 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1275 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1276 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1277 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1278 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1279 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1280 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1284 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1285 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1286 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1287 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1288 start_va = 0xe140000 end_va = 0xe14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e140000" filename = "" Region: id = 1289 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 1290 start_va = 0xe160000 end_va = 0xe16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e160000" filename = "" Region: id = 1291 start_va = 0xe170000 end_va = 0xe17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e170000" filename = "" Region: id = 1292 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 1293 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 1294 start_va = 0xe1a0000 end_va = 0xe1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1a0000" filename = "" Region: id = 1295 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1296 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1297 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1298 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1299 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1300 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1301 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1302 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1303 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1304 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1305 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1306 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1307 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1308 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1309 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1310 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1311 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1312 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1313 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1314 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1315 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1316 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1317 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1318 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1319 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1320 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1321 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1322 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1323 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1324 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1325 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1326 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1327 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1328 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1329 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1330 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1331 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1332 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1333 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1334 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1335 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1336 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1337 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1338 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1339 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1340 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1341 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1342 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1343 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1344 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1345 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1346 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1347 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1348 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1349 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1350 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1351 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1352 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1353 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1354 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1355 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1356 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1357 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1358 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1359 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1360 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1361 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1362 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1363 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1364 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1365 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1366 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1367 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1368 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1369 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1370 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1371 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1372 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1373 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1374 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1375 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1376 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1377 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1378 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1379 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1380 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1381 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1382 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1383 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1384 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1385 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1386 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1387 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1388 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1389 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1390 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1391 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1392 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1393 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1394 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1395 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1396 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1397 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1398 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1399 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1400 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1401 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1402 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1403 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1404 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1405 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1406 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1407 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1408 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1409 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1410 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1411 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1412 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1413 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1414 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1415 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1416 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1417 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1418 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1419 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1420 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1421 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1422 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1423 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1424 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1425 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1426 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1427 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1428 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1429 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1430 start_va = 0xfeb30000 end_va = 0xfeb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000feb30000" filename = "" Region: id = 1431 start_va = 0xfeb20000 end_va = 0xfeb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000feb20000" filename = "" Region: id = 1432 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1433 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1434 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1435 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1436 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1437 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1438 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1439 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1440 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1441 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1442 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1443 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1444 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1445 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1446 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1447 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1448 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1449 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1450 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1451 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1452 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1453 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1454 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1455 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1456 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1457 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1458 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1459 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1460 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1461 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1462 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1463 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1464 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1465 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1466 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1467 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1468 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1469 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1470 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1471 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1472 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1473 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1474 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1475 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1476 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1477 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1478 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1479 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1480 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1481 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1482 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1483 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1484 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1485 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1486 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1487 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1488 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1489 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1490 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1491 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1492 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1493 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1494 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1495 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1496 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1497 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1498 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1499 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1500 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1501 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1502 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1503 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1504 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1505 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1506 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1507 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1508 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1509 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1510 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1511 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1512 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1513 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1514 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1515 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1516 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1517 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1518 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1519 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1520 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1521 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1522 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1523 start_va = 0xdff0000 end_va = 0xdffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dff0000" filename = "" Region: id = 1524 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1525 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1526 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1527 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1528 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1529 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1530 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1531 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1532 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1533 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1534 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1535 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1536 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1537 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1538 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1539 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1540 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1541 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1542 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1543 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1544 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1545 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1546 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1547 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1548 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1549 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1550 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1551 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1552 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1553 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1554 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1555 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1556 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1557 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1558 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1559 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1560 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1561 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1562 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1563 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1564 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1565 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1566 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1567 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1568 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1569 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1570 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1571 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1572 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1573 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1574 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1575 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1576 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1577 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1578 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1579 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1580 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1581 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1582 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1583 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1584 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1585 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1586 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1587 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1588 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1589 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1590 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1591 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1592 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1593 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1594 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1595 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1596 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1597 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1598 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1599 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1600 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1601 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1602 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1603 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1604 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1605 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1606 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1607 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1608 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1609 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1610 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1611 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1612 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1613 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1614 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1615 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1616 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1617 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1618 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1619 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1620 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1621 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1622 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1623 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1624 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1625 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1626 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1627 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1628 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1629 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1630 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1631 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1632 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1633 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1634 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1635 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1636 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1637 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1638 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1639 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1640 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1641 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1642 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1643 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1644 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1645 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1646 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1647 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1648 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1649 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1650 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1651 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1652 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1653 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1654 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1655 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1656 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1657 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1658 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1659 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1660 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1661 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1662 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1663 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1664 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1665 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1666 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1667 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1668 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1669 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1670 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1671 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1672 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1673 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1674 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1675 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1676 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1677 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1678 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1679 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1680 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1681 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1682 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1683 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1684 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1685 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1686 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1687 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1688 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1689 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1690 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1691 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1692 start_va = 0xe110000 end_va = 0xe11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e110000" filename = "" Region: id = 1693 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1694 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1695 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1696 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1697 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1698 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1699 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1700 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1701 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1702 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1703 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1704 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1705 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1706 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1707 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1708 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1709 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1710 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1711 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1712 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1713 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1714 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1715 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1716 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1717 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1718 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1719 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1720 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1721 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1722 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1723 start_va = 0x758d0000 end_va = 0x7592efff monitored = 0 entry_point = 0x758d4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1724 start_va = 0x713a0000 end_va = 0x713eefff monitored = 0 entry_point = 0x713ad850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1725 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1726 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1727 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1728 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1729 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1730 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1731 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1732 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1733 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1734 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1735 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1736 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1737 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1738 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1739 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1740 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1741 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1742 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1743 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1744 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1745 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1746 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1747 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1748 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1749 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1750 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1751 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1752 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1753 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1754 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1755 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1756 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1757 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1758 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1759 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1760 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1761 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1762 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1763 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1764 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1765 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1766 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1767 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1768 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1769 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1770 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1771 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1772 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1773 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1774 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1775 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1776 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1777 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1778 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1779 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1780 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1781 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1782 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1783 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1784 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1785 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1786 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1787 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1788 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1789 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1790 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1791 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1792 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1793 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1794 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1795 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1796 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1797 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1798 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1799 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1800 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1801 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1802 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1803 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1804 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1805 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1806 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1807 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1808 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1809 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1810 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1811 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1812 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1813 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1814 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1815 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1816 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1817 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1818 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1819 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1820 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1821 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1822 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1823 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1824 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1825 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1826 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1827 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1828 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1829 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1830 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1831 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1832 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1833 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1834 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1835 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1836 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1837 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1838 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1839 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1840 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1841 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1842 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1843 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1844 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1845 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1846 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1847 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1848 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1849 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1850 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1851 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1852 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1853 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1854 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1855 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1856 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1857 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1858 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1859 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1860 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1861 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1862 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1863 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1864 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1865 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1866 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1867 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1868 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1869 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1870 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1871 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1872 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1873 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1874 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1875 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1876 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1877 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1878 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1879 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1880 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1881 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1882 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1883 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1884 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1885 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1886 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1887 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1888 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1889 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1890 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1891 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1892 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1893 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1894 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1895 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1896 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1897 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1898 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1899 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1900 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1901 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1902 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1903 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1904 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1905 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1906 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1907 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1908 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1909 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1910 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1911 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1912 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1913 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1914 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1915 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1916 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1917 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1918 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1919 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1920 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1921 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1922 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1923 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1924 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1925 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1926 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1927 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1928 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1929 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1930 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1931 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1932 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1933 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1934 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1935 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1936 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1937 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1938 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1939 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1940 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1941 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1942 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1943 start_va = 0xe140000 end_va = 0xe14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e140000" filename = "" Region: id = 1944 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1945 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1946 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1947 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1948 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1949 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1950 start_va = 0xe120000 end_va = 0xe12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e120000" filename = "" Region: id = 1951 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1952 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1953 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1954 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1955 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1956 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1957 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1958 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1959 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1960 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1961 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1962 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1963 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1964 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1965 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1966 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1967 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 1968 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 1969 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1970 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1971 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1972 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1973 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1974 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1975 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1976 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1977 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1978 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1979 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1980 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1981 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1982 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1983 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1984 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1985 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 1986 start_va = 0xe160000 end_va = 0xe16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e160000" filename = "" Region: id = 1987 start_va = 0xe170000 end_va = 0xe17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e170000" filename = "" Region: id = 1988 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 1989 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 1990 start_va = 0xe1a0000 end_va = 0xe1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1a0000" filename = "" Region: id = 1991 start_va = 0xe1b0000 end_va = 0xe1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1b0000" filename = "" Region: id = 1992 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1993 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1994 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1995 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1996 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1997 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1998 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 1999 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2000 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2001 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2002 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2003 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2004 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2005 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2006 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2007 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2008 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2009 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2010 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2011 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2012 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2013 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2014 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2015 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2016 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2017 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2018 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2019 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2020 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2021 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2022 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2023 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2024 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2025 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2026 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2027 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2028 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2029 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2030 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2031 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2032 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2033 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2034 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2035 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2036 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2037 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2038 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2039 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2040 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2041 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2042 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2043 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2044 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2045 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2046 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2047 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2048 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2049 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2050 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2051 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2052 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2053 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2054 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2055 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2056 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2057 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2058 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2059 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2060 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2061 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2062 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2063 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2064 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2065 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2066 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2067 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2068 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2069 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2070 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2071 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2072 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2073 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2074 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2075 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2076 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2077 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2078 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2079 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2080 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2081 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2082 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2083 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2084 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2085 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2086 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2087 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2088 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2089 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2090 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2091 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2092 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2093 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2094 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2095 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2096 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2097 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2098 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2099 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2100 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2101 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2102 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2103 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2104 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2105 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2106 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2107 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2108 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2109 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2110 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2111 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2112 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2113 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2114 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2115 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2116 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2117 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2118 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2119 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2120 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2121 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2122 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2123 start_va = 0xe160000 end_va = 0xe16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e160000" filename = "" Region: id = 2124 start_va = 0xe170000 end_va = 0xe17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e170000" filename = "" Region: id = 2125 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2126 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 2127 start_va = 0xe1a0000 end_va = 0xe1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1a0000" filename = "" Region: id = 2128 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2129 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2130 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2131 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2132 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2133 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2134 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2135 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2136 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2137 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2138 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2139 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2140 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2141 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2142 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2143 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2144 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2145 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2146 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2147 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2148 start_va = 0x686c0000 end_va = 0x68846fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.csharp.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.CSharp\\849e4f93d41f8b6645878090ee9a7505\\Microsoft.CSharp.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.csharp\\849e4f93d41f8b6645878090ee9a7505\\microsoft.csharp.ni.dll") Region: id = 2149 start_va = 0x68530000 end_va = 0x686befff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll") Region: id = 2150 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2151 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2152 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2153 start_va = 0xe130000 end_va = 0xe13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e130000" filename = "" Region: id = 2154 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2155 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2156 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2157 start_va = 0x682d0000 end_va = 0x683ecfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll") Region: id = 2158 start_va = 0x6fb50000 end_va = 0x6fb59fff monitored = 0 entry_point = 0x6fb53200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2159 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2160 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2161 start_va = 0x530000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2162 start_va = 0x68520000 end_va = 0x6852afff monitored = 1 entry_point = 0x685241f0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2163 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2164 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2165 start_va = 0xe150000 end_va = 0xe15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e150000" filename = "" Region: id = 2166 start_va = 0xe160000 end_va = 0xe16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e160000" filename = "" Region: id = 2167 start_va = 0xe150000 end_va = 0xe150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000e150000" filename = "" Region: id = 2168 start_va = 0x759f0000 end_va = 0x75a73fff monitored = 0 entry_point = 0x75a16220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2169 start_va = 0xe1b0000 end_va = 0xe1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1b0000" filename = "" Region: id = 2170 start_va = 0xe1f0000 end_va = 0xe2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1f0000" filename = "" Region: id = 2171 start_va = 0xe170000 end_va = 0xe170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000e170000" filename = "" Region: id = 2172 start_va = 0x68500000 end_va = 0x6851bfff monitored = 0 entry_point = 0x6850aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 2173 start_va = 0x68260000 end_va = 0x682c6fff monitored = 0 entry_point = 0x6827b610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 2174 start_va = 0xe2f0000 end_va = 0xe3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e2f0000" filename = "" Region: id = 2175 start_va = 0x684f0000 end_va = 0x684fcfff monitored = 0 entry_point = 0x684f3520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 2738 start_va = 0x684d0000 end_va = 0x684e0fff monitored = 0 entry_point = 0x684d8fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2739 start_va = 0x681a0000 end_va = 0x6825efff monitored = 0 entry_point = 0x681d1e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2826 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2827 start_va = 0x67530000 end_va = 0x68196fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll") Region: id = 2828 start_va = 0x73d70000 end_va = 0x73de4fff monitored = 0 entry_point = 0x73da9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2829 start_va = 0xe3f0000 end_va = 0xe4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e3f0000" filename = "" Region: id = 2831 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2832 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2833 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 2834 start_va = 0xe3f0000 end_va = 0xe3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e3f0000" filename = "" Region: id = 2835 start_va = 0xe4a0000 end_va = 0xe4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e4a0000" filename = "" Region: id = 2836 start_va = 0xe400000 end_va = 0xe40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e400000" filename = "" Region: id = 2837 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 2838 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2839 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2840 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2841 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2842 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2843 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2844 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2845 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2846 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2847 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2848 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 2849 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2850 start_va = 0xeb10000 end_va = 0xec0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eb10000" filename = "" Region: id = 2853 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2857 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 2858 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3480 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3481 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3482 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3483 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3484 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3485 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3486 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3487 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 3488 start_va = 0xe3f0000 end_va = 0xe3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e3f0000" filename = "" Region: id = 3489 start_va = 0xe400000 end_va = 0xe40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e400000" filename = "" Region: id = 3490 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3491 start_va = 0xe420000 end_va = 0xe42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e420000" filename = "" Region: id = 3492 start_va = 0xe430000 end_va = 0xe43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e430000" filename = "" Region: id = 3493 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3494 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 3495 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3496 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3497 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3498 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 3499 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3500 start_va = 0xe190000 end_va = 0xe19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e190000" filename = "" Region: id = 3501 start_va = 0xe400000 end_va = 0xe40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e400000" filename = "" Region: id = 3502 start_va = 0xe180000 end_va = 0xe18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e180000" filename = "" Region: id = 3503 start_va = 0xe180000 end_va = 0xe190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000e180000" filename = "" Region: id = 3504 start_va = 0x698d0000 end_va = 0x69a3afff monitored = 0 entry_point = 0x6993e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 3505 start_va = 0xd30000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 3506 start_va = 0xd30000 end_va = 0xd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 3507 start_va = 0xd90000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 3508 start_va = 0xec10000 end_va = 0xed0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ec10000" filename = "" Region: id = 3509 start_va = 0xd70000 end_va = 0xd73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 3510 start_va = 0x75c70000 end_va = 0x75d8efff monitored = 0 entry_point = 0x75cb5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3511 start_va = 0xed10000 end_va = 0xf201fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ed10000" filename = "" Region: id = 3512 start_va = 0xf210000 end_va = 0xf701fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f210000" filename = "" Region: id = 3513 start_va = 0xf710000 end_va = 0xfc01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f710000" filename = "" Region: id = 3514 start_va = 0xd80000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 3515 start_va = 0x69750000 end_va = 0x698c2fff monitored = 0 entry_point = 0x697fd220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 3516 start_va = 0xfc10000 end_va = 0xfd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fc10000" filename = "" Region: id = 3517 start_va = 0xfd10000 end_va = 0xfdb2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fd10000" filename = "" Region: id = 3518 start_va = 0xda0000 end_va = 0xdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 3519 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3520 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3521 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3522 start_va = 0xdc0000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 3523 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3524 start_va = 0xdc0000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 3525 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3526 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3527 start_va = 0xdc0000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 3530 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3533 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3534 start_va = 0xdc0000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 3597 start_va = 0xdb0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3598 start_va = 0xdc0000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 3599 start_va = 0xdb0000 end_va = 0xdb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 3600 start_va = 0xed10000 end_va = 0xedd9fff monitored = 0 entry_point = 0xed121f0 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 3601 start_va = 0xdb0000 end_va = 0xdb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 3602 start_va = 0xed10000 end_va = 0xedd9fff monitored = 0 entry_point = 0xed121f0 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 3603 start_va = 0xdb0000 end_va = 0xdb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 3604 start_va = 0xe400000 end_va = 0xe40ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 3605 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3606 start_va = 0xe420000 end_va = 0xe42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e420000" filename = "" Region: id = 3607 start_va = 0x69650000 end_va = 0x69713fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\754ca70e68140abcdb8476cff64c4169\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\754ca70e68140abcdb8476cff64c4169\\system.security.ni.dll") Region: id = 3608 start_va = 0xe430000 end_va = 0xe43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e430000" filename = "" Region: id = 3609 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3610 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3611 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3612 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3613 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3614 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3615 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Region: id = 3616 start_va = 0x76e90000 end_va = 0x76e95fff monitored = 0 entry_point = 0x76e91460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 3617 start_va = 0xe410000 end_va = 0xe41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e410000" filename = "" Thread: id = 6 os_tid = 0x4ec [0095.089] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0095.094] RoInitialize () returned 0x1 [0095.095] RoUninitialize () returned 0x0 [0096.892] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x600, lpName=0x0) returned 0x230 [0096.892] memcpy (in: _Dst=0xdd0000, _Src=0x6a79c2c, _Size=0x600 | out: _Dst=0xdd0000) returned 0xdd0000 [0096.893] CloseHandle (hObject=0x230) returned 1 [0100.355] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0xb76b60 [0100.391] ??2@YAPAXI@Z () returned 0xb89548 [0100.515] SetProcessDPIAware () returned 1 [0100.524] GetEnvironmentVariableW (in: lpName="COMPLUS_Version", lpBuffer=0x18ceb0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0100.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Net Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ce8c | out: phkResult=0x18ce8c*=0x23c) returned 0x0 [0100.529] RegQueryValueExW (in: hKey=0x23c, lpValueName="InstallPath", lpReserved=0x0, lpType=0x18ce88, lpData=0x18d0e4, lpcbData=0x18ce84*=0x208 | out: lpType=0x18ce88*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpcbData=0x18ce84*=0x5e) returned 0x0 [0100.529] RegCloseKey (hKey=0x23c) returned 0x0 [0100.539] PathAppendW (in: pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", pMore="WPF" | out: pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF") returned 1 [0100.540] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76be0000 [0100.541] GetProcAddress (hModule=0x76be0000, lpProcName="AddDllDirectory") returned 0x75f645e0 [0100.541] LoadLibraryExW (lpLibFileName="dwrite.dll", hFile=0x0, dwFlags=0x800) returned 0x70b10000 [0100.557] GetProcAddress (hModule=0x70b10000, lpProcName="DWriteCreateFactory") returned 0x70b8e750 [0100.558] PathCombineW (in: pszDest=0x18ceb8, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="wpfgfx_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll" [0100.558] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll") returned 0x6a7d0000 [0100.640] PathCombineW (in: pszDest=0x18ceb8, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="PresentationNative_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll" [0100.640] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned 0x6a700000 [0101.319] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x18ee88 | out: pTimeZoneInformation=0x18ee88) returned 0x2 [0101.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ef6c | out: phkResult=0x18ef6c*=0x27c) returned 0x0 [0101.334] RegQueryValueExW (in: hKey=0x27c, lpValueName="TZI", lpReserved=0x0, lpType=0x18ef88, lpData=0x0, lpcbData=0x18ef84*=0x0 | out: lpType=0x18ef88*=0x3, lpData=0x0, lpcbData=0x18ef84*=0x2c) returned 0x0 [0101.336] RegQueryValueExW (in: hKey=0x27c, lpValueName="TZI", lpReserved=0x0, lpType=0x18ef88, lpData=0x6a8a9d0, lpcbData=0x18ef84*=0x2c | out: lpType=0x18ef88*=0x3, lpData=0x6a8a9d0*, lpcbData=0x18ef84*=0x2c) returned 0x0 [0101.337] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x18edc0 | out: phkResult=0x18edc0*=0x0) returned 0x2 [0101.339] RegQueryValueExW (in: hKey=0x27c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x18ef60, lpData=0x0, lpcbData=0x18ef5c*=0x0 | out: lpType=0x18ef60*=0x1, lpData=0x0, lpcbData=0x18ef5c*=0x20) returned 0x0 [0101.339] RegQueryValueExW (in: hKey=0x27c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x18ef60, lpData=0x6a8af0c, lpcbData=0x18ef5c*=0x20 | out: lpType=0x18ef60*=0x1, lpData="@tzres.dll,-320", lpcbData=0x18ef5c*=0x20) returned 0x0 [0101.339] RegQueryValueExW (in: hKey=0x27c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x18ef60, lpData=0x0, lpcbData=0x18ef5c*=0x0 | out: lpType=0x18ef60*=0x1, lpData=0x0, lpcbData=0x18ef5c*=0x20) returned 0x0 [0101.340] RegQueryValueExW (in: hKey=0x27c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x18ef60, lpData=0x6a8af64, lpcbData=0x18ef5c*=0x20 | out: lpType=0x18ef60*=0x1, lpData="@tzres.dll,-322", lpcbData=0x18ef5c*=0x20) returned 0x0 [0101.340] RegQueryValueExW (in: hKey=0x27c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x18ef60, lpData=0x0, lpcbData=0x18ef5c*=0x0 | out: lpType=0x18ef60*=0x1, lpData=0x0, lpcbData=0x18ef5c*=0x20) returned 0x0 [0101.340] RegQueryValueExW (in: hKey=0x27c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x18ef60, lpData=0x6a8afbc, lpcbData=0x18ef5c*=0x20 | out: lpType=0x18ef60*=0x1, lpData="@tzres.dll,-321", lpcbData=0x18ef5c*=0x20) returned 0x0 [0102.538] CoTaskMemAlloc (cb=0x20c) returned 0xb99ca0 [0102.538] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb99ca0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0102.548] CoTaskMemFree (pv=0xb99ca0) [0102.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d990 | out: phkResult=0x18d990*=0x0) returned 0x2 [0102.578] CoTaskMemAlloc (cb=0x20c) returned 0xb99ca0 [0102.578] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x18ef7c, pwszFileMUIPath=0xb99ca0, pcchFileMUIPath=0x18ef80, pululEnumerator=0x18ef74 | out: pwszLanguage=0x0, pcchLanguage=0x18ef7c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x18ef80, pululEnumerator=0x18ef74) returned 1 [0102.598] CoTaskMemFree (pv=0x0) [0102.598] CoTaskMemFree (pv=0xb99ca0) [0102.600] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0xdf0001 [0102.607] CoTaskMemAlloc (cb=0x3ec) returned 0xb86678 [0102.607] LoadStringW (in: hInstance=0xdf0001, uID=0x140, lpBuffer=0xb86678, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0102.608] CoTaskMemFree (pv=0xb86678) [0102.610] FreeLibrary (hLibModule=0xdf0001) returned 1 [0102.610] CoTaskMemAlloc (cb=0x20c) returned 0xb99ca0 [0102.610] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb99ca0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0102.611] CoTaskMemFree (pv=0xb99ca0) [0102.611] CoTaskMemAlloc (cb=0x20c) returned 0xb99ca0 [0102.611] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x18ef7c, pwszFileMUIPath=0xb99ca0, pcchFileMUIPath=0x18ef80, pululEnumerator=0x18ef74 | out: pwszLanguage=0x0, pcchLanguage=0x18ef7c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x18ef80, pululEnumerator=0x18ef74) returned 1 [0102.613] CoTaskMemFree (pv=0x0) [0102.613] CoTaskMemFree (pv=0xb99ca0) [0102.613] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0xdf0001 [0102.615] CoTaskMemAlloc (cb=0x3ec) returned 0xb86678 [0102.615] LoadStringW (in: hInstance=0xdf0001, uID=0x142, lpBuffer=0xb86678, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0102.615] CoTaskMemFree (pv=0xb86678) [0102.615] FreeLibrary (hLibModule=0xdf0001) returned 1 [0102.616] CoTaskMemAlloc (cb=0x20c) returned 0xb99ca0 [0102.616] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb99ca0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0102.616] CoTaskMemFree (pv=0xb99ca0) [0102.616] CoTaskMemAlloc (cb=0x20c) returned 0xb99ca0 [0102.616] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x18ef7c, pwszFileMUIPath=0xb99ca0, pcchFileMUIPath=0x18ef80, pululEnumerator=0x18ef74 | out: pwszLanguage=0x0, pcchLanguage=0x18ef7c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x18ef80, pululEnumerator=0x18ef74) returned 1 [0102.618] CoTaskMemFree (pv=0x0) [0102.618] CoTaskMemFree (pv=0xb99ca0) [0102.618] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0xdf0001 [0102.620] CoTaskMemAlloc (cb=0x3ec) returned 0xb86678 [0102.620] LoadStringW (in: hInstance=0xdf0001, uID=0x141, lpBuffer=0xb86678, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0102.620] CoTaskMemFree (pv=0xb86678) [0102.620] FreeLibrary (hLibModule=0xdf0001) returned 1 [0102.622] RegCloseKey (hKey=0x27c) returned 0x0 [0111.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config", nBufferLength=0x105, lpBuffer=0x18e370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config", lpFilePart=0x0) returned 0x3c [0111.532] GetCurrentProcess () returned 0xffffffff [0111.533] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e6d0 | out: TokenHandle=0x18e6d0*=0x2f4) returned 1 [0111.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18e168, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0111.540] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18e6c8 | out: lpFileInformation=0x18e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0111.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0111.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18e6d0 | out: lpFileInformation=0x18e6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0111.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0111.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e608) returned 1 [0111.545] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2fc [0111.545] GetFileType (hFile=0x2fc) returned 0x1 [0111.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e604) returned 1 [0111.545] GetFileType (hFile=0x2fc) returned 0x1 [0111.617] GetFileSize (in: hFile=0x2fc, lpFileSizeHigh=0x18e6c4 | out: lpFileSizeHigh=0x18e6c4*=0x0) returned 0x8c8f [0111.618] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e680, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e680*=0x1000, lpOverlapped=0x0) returned 1 [0111.666] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e530, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e530*=0x1000, lpOverlapped=0x0) returned 1 [0111.669] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e3e4, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e3e4*=0x1000, lpOverlapped=0x0) returned 1 [0111.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e3e4, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e3e4*=0x1000, lpOverlapped=0x0) returned 1 [0111.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e3e4, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e3e4*=0x1000, lpOverlapped=0x0) returned 1 [0111.693] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e31c, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e31c*=0x1000, lpOverlapped=0x0) returned 1 [0111.711] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e49c, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e49c*=0x1000, lpOverlapped=0x0) returned 1 [0111.715] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e3ac, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e3ac*=0x1000, lpOverlapped=0x0) returned 1 [0111.715] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e3ac, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e3ac*=0xc8f, lpOverlapped=0x0) returned 1 [0111.716] ReadFile (in: hFile=0x2fc, lpBuffer=0x6a9f128, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e46c, lpOverlapped=0x0 | out: lpBuffer=0x6a9f128*, lpNumberOfBytesRead=0x18e46c*=0x0, lpOverlapped=0x0) returned 1 [0111.717] CloseHandle (hObject=0x2fc) returned 1 [0111.726] GetCurrentProcess () returned 0xffffffff [0111.726] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e814 | out: TokenHandle=0x18e814*=0x2fc) returned 1 [0111.729] GetCurrentProcess () returned 0xffffffff [0111.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e814 | out: TokenHandle=0x18e814*=0x300) returned 1 [0111.733] GetCurrentProcess () returned 0xffffffff [0111.733] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e6d0 | out: TokenHandle=0x18e6d0*=0x304) returned 1 [0111.734] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x18e6c8 | out: lpFileInformation=0x18e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61db39a3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61db39a3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61db39a3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0111.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config", nBufferLength=0x105, lpBuffer=0x18e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config", lpFilePart=0x0) returned 0x3c [0111.771] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x18e6d0 | out: lpFileInformation=0x18e6d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61db39a3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61db39a3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61db39a3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0111.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config", nBufferLength=0x105, lpBuffer=0x18e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config", lpFilePart=0x0) returned 0x3c [0111.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e608) returned 1 [0111.772] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x308 [0111.772] GetFileType (hFile=0x308) returned 0x1 [0111.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e604) returned 1 [0111.772] GetFileType (hFile=0x308) returned 0x1 [0111.773] GetFileSize (in: hFile=0x308, lpFileSizeHigh=0x18e6c4 | out: lpFileSizeHigh=0x18e6c4*=0x0) returned 0xb6 [0111.773] ReadFile (in: hFile=0x308, lpBuffer=0x6ab74f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e680, lpOverlapped=0x0 | out: lpBuffer=0x6ab74f0*, lpNumberOfBytesRead=0x18e680*=0xb6, lpOverlapped=0x0) returned 1 [0111.774] ReadFile (in: hFile=0x308, lpBuffer=0x6ab74f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e558, lpOverlapped=0x0 | out: lpBuffer=0x6ab74f0*, lpNumberOfBytesRead=0x18e558*=0x0, lpOverlapped=0x0) returned 1 [0111.774] CloseHandle (hObject=0x308) returned 1 [0111.774] GetCurrentProcess () returned 0xffffffff [0111.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e814 | out: TokenHandle=0x18e814*=0x308) returned 1 [0111.776] GetCurrentProcess () returned 0xffffffff [0111.776] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e814 | out: TokenHandle=0x18e814*=0x30c) returned 1 [0111.845] GetCurrentProcess () returned 0xffffffff [0111.845] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e674 | out: TokenHandle=0x18e674*=0x310) returned 1 [0112.198] GetCurrentProcess () returned 0xffffffff [0112.198] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e684 | out: TokenHandle=0x18e684*=0x314) returned 1 [0112.418] GetCurrentProcess () returned 0xffffffff [0112.418] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18de98 | out: TokenHandle=0x18de98*=0x318) returned 1 [0112.475] GetCurrentProcess () returned 0xffffffff [0112.475] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18dea8 | out: TokenHandle=0x18dea8*=0x31c) returned 1 [0119.261] GetCurrentProcess () returned 0xffffffff [0119.261] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed98 | out: TokenHandle=0x18ed98*=0x228) returned 1 [0119.328] GetCurrentProcess () returned 0xffffffff [0119.328] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18eda8 | out: TokenHandle=0x18eda8*=0x224) returned 1 [0120.840] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76be0000 [0120.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0x18ee98, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompaté.\x014!`\"(ú\x07oèõ\x18", lpUsedDefaultChar=0x0) returned 21 [0120.880] GetProcAddress (hModule=0x76be0000, lpProcName="AppPolicyGetClrCompat") returned 0x0 [0120.880] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76be0000 [0120.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x18ee98, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0120.880] GetProcAddress (hModule=0x76be0000, lpProcName="GetCurrentPackageId") returned 0x75eeded0 [0120.906] GetCurrentPackageId () returned 0x3d54 [0127.882] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e5d4 | out: phkResult=0x18e5d4*=0x0) returned 0x2 [0127.882] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e5d4 | out: phkResult=0x18e5d4*=0x0) returned 0x2 [0130.829] EtwEventRegister (in: ProviderId=0x6b2ddc0, EnableCallback=0x12f0656, CallbackContext=0x0, RegHandle=0x6b2dd9c | out: RegHandle=0x6b2dd9c) returned 0x0 [0136.954] CoCreateGuid (in: pguid=0x18ee70 | out: pguid=0x18ee70*(Data1=0x39e59e87, Data2=0xf627, Data3=0x4c29, Data4=([0]=0xbd, [1]=0xc3, [2]=0x6e, [3]=0xf0, [4]=0x47, [5]=0x98, [6]=0xff, [7]=0x50))) returned 0x0 [0138.016] CoCreateGuid (in: pguid=0x18edb0 | out: pguid=0x18edb0*(Data1=0x683ecd53, Data2=0xdbb9, Data3=0x4be3, Data4=([0]=0xa7, [1]=0x1b, [2]=0xd7, [3]=0xc9, [4]=0xfc, [5]=0x55, [6]=0x96, [7]=0xa0))) returned 0x0 [0139.038] CoCreateGuid (in: pguid=0x18ec18 | out: pguid=0x18ec18*(Data1=0xdb4e0cf9, Data2=0xa0a7, Data3=0x4e24, Data4=([0]=0x9b, [1]=0x3c, [2]=0x7e, [3]=0xfe, [4]=0x80, [5]=0xd7, [6]=0xa2, [7]=0x3f))) returned 0x0 [0140.576] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x18e924 | out: lpWSAData=0x18e924) returned 0 [0140.588] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x340 [0140.606] setsockopt (s=0x340, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0140.607] closesocket (s=0x340) returned 0 [0140.607] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x340 [0140.609] setsockopt (s=0x340, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0140.609] closesocket (s=0x340) returned 0 [0140.629] GetCurrentProcess () returned 0xffffffff [0140.629] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e76c | out: TokenHandle=0x18e76c*=0x340) returned 1 [0140.637] GetCurrentProcess () returned 0xffffffff [0140.637] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e77c | out: TokenHandle=0x18e77c*=0x344) returned 1 [0140.681] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x348 [0140.690] WSAConnect (in: s=0x348, name=0x6b38780*(sa_family=2, sin_port=0x1edb, sin_addr="91.103.252.39"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0140.847] setsockopt (s=0x348, level=65535, optname=4098, optval="", optlen=4) returned 0 [0140.848] setsockopt (s=0x348, level=65535, optname=4097, optval="", optlen=4) returned 0 [0141.487] setsockopt (s=0x348, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0141.509] setsockopt (s=0x348, level=65535, optname=4101, optval="", optlen=4) returned 0 [0141.510] send (s=0x348, buf=0x6b31030*, len=39, flags=0) returned 39 [0141.632] setsockopt (s=0x348, level=65535, optname=4102, optval="\x89m\x1b", optlen=4) returned 0 [0141.633] recv (in: s=0x348, buf=0x6b58b9c, len=1, flags=0 | out: buf=0x6b58b9c*) returned 1 [0144.019] send (s=0x348, buf=0x6b5953f*, len=204, flags=0) returned 204 [0144.298] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 142 [0152.663] CoCreateGuid (in: pguid=0x18ee80 | out: pguid=0x18ee80*(Data1=0x141db1d1, Data2=0x7f5b, Data3=0x41d3, Data4=([0]=0x95, [1]=0xb2, [2]=0x32, [3]=0xba, [4]=0xef, [5]=0x39, [6]=0x1d, [7]=0xb8))) returned 0x0 [0153.170] CoCreateGuid (in: pguid=0x18edc0 | out: pguid=0x18edc0*(Data1=0xf182f419, Data2=0x1b89, Data3=0x43f8, Data4=([0]=0xb0, [1]=0x4d, [2]=0x70, [3]=0xfa, [4]=0xd2, [5]=0x7a, [6]=0x68, [7]=0xf9))) returned 0x0 [0153.330] send (s=0x348, buf=0x6b5953f*, len=154, flags=0) returned 154 [0153.339] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 3788 [0153.993] GetCurrentProcess () returned 0xffffffff [0153.994] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e694 | out: TokenHandle=0x18e694*=0x34c) returned 1 [0153.996] GetCurrentProcess () returned 0xffffffff [0153.996] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e6a4 | out: TokenHandle=0x18e6a4*=0x350) returned 1 [0154.074] EtwEventRegister (in: ProviderId=0x6b6dbdc, EnableCallback=0x12f06a6, CallbackContext=0x0, RegHandle=0x6b6dbb8 | out: RegHandle=0x6b6dbb8) returned 0x0 [0154.077] EtwEventSetInformation (RegHandle=0xb97910, InformationClass=0x3e, EventInformation=0x2, InformationLength=0x6b6db7c) returned 0x0 [0156.248] CoTaskMemAlloc (cb=0x20c) returned 0xb9bd98 [0156.248] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0xb9bd98 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.252] CoTaskMemFree (pv=0xb9bd98) [0156.252] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.254] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache", nBufferLength=0x105, lpBuffer=0x18ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache", lpFilePart=0x0) returned 0x2f [0156.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ef10) returned 1 [0156.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\systemcache"), fInfoLevelId=0x0, lpFileInformation=0x18ef8c | out: lpFileInformation=0x18ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ef0c) returned 1 [0156.255] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache", nBufferLength=0x105, lpBuffer=0x18ea74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache", lpFilePart=0x0) returned 0x2f [0156.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eea4) returned 1 [0156.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\systemcache"), fInfoLevelId=0x0, lpFileInformation=0x18ef20 | out: lpFileInformation=0x18ef20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eea0) returned 1 [0156.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eea4) returned 1 [0156.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\systemcache"), fInfoLevelId=0x0, lpFileInformation=0x18ef20 | out: lpFileInformation=0x18ef20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eea0) returned 1 [0156.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eea4) returned 1 [0156.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x18ef20 | out: lpFileInformation=0x18ef20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50b344cd, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x50b344cd, ftLastWriteTime.dwHighDateTime=0x1d8a64c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0156.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eea0) returned 1 [0156.256] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SystemCache" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\systemcache"), lpSecurityAttributes=0x0) returned 1 [0156.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", nBufferLength=0x105, lpBuffer=0x18ea60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", lpFilePart=0x0) returned 0x35 [0157.013] CoTaskMemAlloc (cb=0x804) returned 0xc22918 [0157.013] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xc22918, nSize=0x18eff8 | out: lpNameBuffer="XC64ZB\\RDhJ0CNFevzX", nSize=0x18eff8) returned 0x1 [0157.017] CoTaskMemFree (pv=0xc22918) [0157.017] GetUserNameW (in: lpBuffer=0x18ed8c, pcbBuffer=0x18f004 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x18f004) returned 1 [0157.120] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x368 [0157.125] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e7f8 | out: ppv=0x18e7f8*=0xb71a3c) returned 0x0 [0157.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18da38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0157.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x18df80, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x0eb\x1f9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 63 [0157.187] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x68520000 [0157.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x18dfb4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 13 [0157.200] GetProcAddress (hModule=0x68520000, lpProcName="ResetSecurity") returned 0x68522cc0 [0157.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x18dfb4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 11 [0157.248] GetProcAddress (hModule=0x68520000, lpProcName="SetSecurity") returned 0x68522d10 [0157.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x18dfb0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 18 [0157.266] GetProcAddress (hModule=0x68520000, lpProcName="BlessIWbemServices") returned 0x68522090 [0157.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x18dfa8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 24 [0157.326] GetProcAddress (hModule=0x68520000, lpProcName="BlessIWbemServicesObject") returned 0x685220f0 [0157.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x18dfb0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 17 [0157.366] GetProcAddress (hModule=0x68520000, lpProcName="GetPropertyHandle") returned 0x685227a0 [0157.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x18dfb0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 18 [0157.380] GetProcAddress (hModule=0x68520000, lpProcName="WritePropertyValue") returned 0x68522e50 [0157.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x18dfbc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 5 [0157.437] GetProcAddress (hModule=0x68520000, lpProcName="Clone") returned 0x68522150 [0157.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x18dfb0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 15 [0157.446] GetProcAddress (hModule=0x68520000, lpProcName="VerifyClientKey") returned 0x68522e00 [0157.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x18dfb0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 15 [0157.452] GetProcAddress (hModule=0x68520000, lpProcName="GetQualifierSet") returned 0x68522860 [0157.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x18dfbc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 3 [0157.455] GetProcAddress (hModule=0x68520000, lpProcName="Get") returned 0x68522630 [0157.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x18dfbc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 3 [0157.467] GetProcAddress (hModule=0x68520000, lpProcName="Put") returned 0x68522970 [0157.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x18dfbc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 6 [0157.487] GetProcAddress (hModule=0x68520000, lpProcName="Delete") returned 0x68522410 [0157.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x18dfb8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 8 [0157.519] GetProcAddress (hModule=0x68520000, lpProcName="GetNames") returned 0x68522740 [0157.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x18dfb0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 16 [0157.547] GetProcAddress (hModule=0x68520000, lpProcName="BeginEnumeration") returned 0x68522050 [0157.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x18dfbc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 4 [0157.569] GetProcAddress (hModule=0x68520000, lpProcName="Next") returned 0x68522910 [0157.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x18dfb4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 14 [0157.580] GetProcAddress (hModule=0x68520000, lpProcName="EndEnumeration") returned 0x685224d0 [0157.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x18dfa8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 23 [0157.583] GetProcAddress (hModule=0x68520000, lpProcName="GetPropertyQualifierSet") returned 0x68522830 [0157.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x18dfbc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 5 [0157.587] GetProcAddress (hModule=0x68520000, lpProcName="Clone") returned 0x68522150 [0157.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x18dfb4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 13 [0157.587] GetProcAddress (hModule=0x68520000, lpProcName="GetObjectText") returned 0x68522770 [0157.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x18dfb0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 17 [0157.589] GetProcAddress (hModule=0x68520000, lpProcName="SpawnDerivedClass") returned 0x68522d60 [0157.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x18dfb4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 13 [0157.591] GetProcAddress (hModule=0x68520000, lpProcName="SpawnInstance") returned 0x68522d90 [0157.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x18dfb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 9 [0157.592] GetProcAddress (hModule=0x68520000, lpProcName="CompareTo") returned 0x68522200 [0157.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x18dfb0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 17 [0157.594] GetProcAddress (hModule=0x68520000, lpProcName="GetPropertyOrigin") returned 0x68522800 [0157.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x18dfb4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 12 [0157.596] GetProcAddress (hModule=0x68520000, lpProcName="InheritsFrom") returned 0x68522880 [0157.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x18dfb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 9 [0157.596] GetProcAddress (hModule=0x68520000, lpProcName="GetMethod") returned 0x685226b0 [0157.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x18dfb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 9 [0157.598] GetProcAddress (hModule=0x68520000, lpProcName="PutMethod") returned 0x68522ae0 [0157.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x18dfb4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 12 [0157.603] GetProcAddress (hModule=0x68520000, lpProcName="DeleteMethod") returned 0x68522430 [0157.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x18dfac, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 22 [0157.604] GetProcAddress (hModule=0x68520000, lpProcName="BeginMethodEnumeration") returned 0x68522070 [0157.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x18dfb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 10 [0157.604] GetProcAddress (hModule=0x68520000, lpProcName="NextMethod") returned 0x68522940 [0157.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x18dfac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 20 [0157.606] GetProcAddress (hModule=0x68520000, lpProcName="EndMethodEnumeration") returned 0x685224f0 [0157.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x18dfac, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 21 [0157.606] GetProcAddress (hModule=0x68520000, lpProcName="GetMethodQualifierSet") returned 0x68522710 [0157.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x18dfb0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 15 [0157.607] GetProcAddress (hModule=0x68520000, lpProcName="GetMethodOrigin") returned 0x685226e0 [0157.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x18dfb0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 16 [0157.608] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_Get") returned 0x68522b70 [0157.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x18dfb0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 16 [0157.610] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_Put") returned 0x68522c00 [0157.612] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x18dfac, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 19 [0157.612] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_Delete") returned 0x68522b30 [0157.612] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x18dfac, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 21 [0157.612] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_GetNames") returned 0x68522ba0 [0157.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x18dfa4, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 29 [0157.614] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_BeginEnumeration") returned 0x68522b10 [0157.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x18dfb0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 17 [0157.616] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_Next") returned 0x68522bd0 [0157.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x18dfa4, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 27 [0157.617] GetProcAddress (hModule=0x68520000, lpProcName="QualifierSet_EndEnumeration") returned 0x68522b50 [0157.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x18dfa8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 23 [0157.618] GetProcAddress (hModule=0x68520000, lpProcName="GetCurrentApartmentType") returned 0x68522860 [0157.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x18dfac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 20 [0157.619] GetProcAddress (hModule=0x68520000, lpProcName="GetDemultiplexedStub") returned 0x68522660 [0157.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x18dfac, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 21 [0157.622] GetProcAddress (hModule=0x68520000, lpProcName="CreateInstanceEnumWmi") returned 0x68522380 [0157.628] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x18dfb0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 18 [0157.629] GetProcAddress (hModule=0x68520000, lpProcName="CreateClassEnumWmi") returned 0x685222f0 [0157.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x18dfb4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 12 [0157.629] GetProcAddress (hModule=0x68520000, lpProcName="ExecQueryWmi") returned 0x685225a0 [0157.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x18dfa8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 24 [0157.635] GetProcAddress (hModule=0x68520000, lpProcName="ExecNotificationQueryWmi") returned 0x68522510 [0157.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x18dfb4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 14 [0157.636] GetProcAddress (hModule=0x68520000, lpProcName="PutInstanceWmi") returned 0x68522a40 [0157.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x18dfb4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x0e´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 11 [0157.638] GetProcAddress (hModule=0x68520000, lpProcName="PutClassWmi") returned 0x685229a0 [0157.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x18dfa8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 24 [0157.639] GetProcAddress (hModule=0x68520000, lpProcName="CloneEnumWbemClassObject") returned 0x68522170 [0157.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x18dfb0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi´ 9h4!`\"(ú\x07o\x80â\x18", lpUsedDefaultChar=0x0) returned 16 [0157.642] GetProcAddress (hModule=0x68520000, lpProcName="ConnectServerWmi") returned 0x68522230 [0157.652] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18e7f0 | out: pAptType=0x18e7f0*=1) returned 0x0 [0157.653] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18e7f4 | out: ppvObject=0x18e7f4*=0x0) returned 0x80004002 [0157.653] IUnknown:Release (This=0xb71a3c) returned 0x0 [0157.692] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x18e454 | out: lpiid=0x18e454) returned 0x0 [0157.703] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e160 | out: ppv=0x18e160*=0xc20e80) returned 0x0 [0157.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xc20e80, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e37c | out: ppvObject=0x18e37c*=0x0) returned 0x80004002 [0157.823] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc20e80, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e388 | out: ppvObject=0x18e388*=0xbc3520) returned 0x0 [0157.824] WbemDefPath:IUnknown:Release (This=0xc20e80) returned 0x0 [0157.824] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfac | out: ppvObject=0x18dfac*=0xbc3520) returned 0x0 [0157.834] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18df68 | out: ppvObject=0x18df68*=0x0) returned 0x80004002 [0157.834] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18db5c | out: ppvObject=0x18db5c*=0x0) returned 0x80004002 [0157.835] WbemDefPath:IUnknown:AddRef (This=0xbc3520) returned 0x3 [0157.835] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d8bc | out: ppvObject=0x18d8bc*=0x0) returned 0x80004002 [0157.835] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d86c | out: ppvObject=0x18d86c*=0x0) returned 0x80004002 [0157.835] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d878 | out: ppvObject=0x18d878*=0xc02498) returned 0x0 [0157.835] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xc02498, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d880 | out: pCid=0x18d880*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.835] WbemDefPath:IUnknown:Release (This=0xc02498) returned 0x3 [0157.835] CoGetContextToken (in: pToken=0x18d8d8 | out: pToken=0x18d8d8) returned 0x0 [0157.836] CoGetContextToken (in: pToken=0x18dce0 | out: pToken=0x18dce0) returned 0x0 [0157.836] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dd6c | out: ppvObject=0x18dd6c*=0x0) returned 0x80004002 [0157.836] WbemDefPath:IUnknown:Release (This=0xbc3520) returned 0x2 [0157.836] WbemDefPath:IUnknown:Release (This=0xbc3520) returned 0x1 [0157.837] CoGetContextToken (in: pToken=0x18e670 | out: pToken=0x18e670) returned 0x0 [0157.837] CoGetContextToken (in: pToken=0x18e5d0 | out: pToken=0x18e5d0) returned 0x0 [0157.838] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3520, riid=0x18e6a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e69c | out: ppvObject=0x18e69c*=0xbc3520) returned 0x0 [0157.838] WbemDefPath:IUnknown:AddRef (This=0xbc3520) returned 0x3 [0157.838] WbemDefPath:IUnknown:Release (This=0xbc3520) returned 0x2 [0157.845] WbemDefPath:IWbemPath:SetText (This=0xbc3520, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0157.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ef24 | out: puCount=0x18ef24*=0x2) returned 0x0 [0157.850] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ef20*=0x0, pszText=0x0 | out: puBuffLength=0x18ef20*=0xf, pszText=0x0) returned 0x0 [0157.852] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ef20*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ef20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.863] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18eeac | out: ppv=0x18eeac*=0xb71a3c) returned 0x0 [0157.863] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18eea4 | out: pAptType=0x18eea4*=1) returned 0x0 [0157.863] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18eea8 | out: ppvObject=0x18eea8*=0x0) returned 0x80004002 [0157.863] IUnknown:Release (This=0xb71a3c) returned 0x0 [0157.864] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x18edac | out: lpiid=0x18edac) returned 0x0 [0157.865] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18eab8 | out: ppv=0x18eab8*=0xc02558) returned 0x0 [0157.878] WbemLocator:IUnknown:QueryInterface (in: This=0xc02558, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18ecd4 | out: ppvObject=0x18ecd4*=0x0) returned 0x80004002 [0157.878] WbemLocator:IClassFactory:CreateInstance (in: This=0xc02558, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ece0 | out: ppvObject=0x18ece0*=0xc20fa0) returned 0x0 [0157.878] WbemLocator:IUnknown:Release (This=0xc02558) returned 0x0 [0157.878] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e904 | out: ppvObject=0x18e904*=0xc20fa0) returned 0x0 [0157.878] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e8c0 | out: ppvObject=0x18e8c0*=0x0) returned 0x80004002 [0157.878] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e4b4 | out: ppvObject=0x18e4b4*=0x0) returned 0x80004002 [0157.879] WbemLocator:IUnknown:AddRef (This=0xc20fa0) returned 0x3 [0157.879] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e214 | out: ppvObject=0x18e214*=0x0) returned 0x80004002 [0157.879] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e1c4 | out: ppvObject=0x18e1c4*=0x0) returned 0x80004002 [0157.879] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e1d0 | out: ppvObject=0x18e1d0*=0x0) returned 0x80004002 [0157.879] CoGetContextToken (in: pToken=0x18e230 | out: pToken=0x18e230) returned 0x0 [0157.880] CoGetObjectContext (in: riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xc0252c | out: ppv=0xc0252c*=0xb71a30) returned 0x0 [0157.881] CoGetContextToken (in: pToken=0x18e638 | out: pToken=0x18e638) returned 0x0 [0157.881] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6c4 | out: ppvObject=0x18e6c4*=0x0) returned 0x80004002 [0157.881] WbemLocator:IUnknown:Release (This=0xc20fa0) returned 0x2 [0157.881] WbemLocator:IUnknown:Release (This=0xc20fa0) returned 0x1 [0157.881] CoGetContextToken (in: pToken=0x18ecc0 | out: pToken=0x18ecc0) returned 0x0 [0157.881] CoGetContextToken (in: pToken=0x18ec20 | out: pToken=0x18ec20) returned 0x0 [0157.881] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fa0, riid=0x18ecf0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18ecec | out: ppvObject=0x18ecec*=0xc20fa0) returned 0x0 [0157.881] WbemLocator:IUnknown:AddRef (This=0xc20fa0) returned 0x3 [0157.881] WbemLocator:IUnknown:Release (This=0xc20fa0) returned 0x2 [0157.903] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ee88 | out: puCount=0x18ee88*=0x2) returned 0x0 [0157.904] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ee84*=0x0, pszText=0x0 | out: puBuffLength=0x18ee84*=0xf, pszText=0x0) returned 0x0 [0157.905] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ee84*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ee84*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.906] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18ed60 | out: ppv=0x18ed60*=0xc210a0) returned 0x0 [0157.906] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc210a0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18edf4 | out: ppNamespace=0x18edf4*=0xc15698) returned 0x0 [0159.446] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec88 | out: ppvObject=0x18ec88*=0xbbdedc) returned 0x0 [0159.446] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbdedc, pProxy=0xc15698, pAuthnSvc=0x18ecd8, pAuthzSvc=0x18ecd4, pServerPrincName=0x18eccc, pAuthnLevel=0x18ecd0, pImpLevel=0x18ecc0, pAuthInfo=0x18ecc4, pCapabilites=0x18ecc8 | out: pAuthnSvc=0x18ecd8*=0xa, pAuthzSvc=0x18ecd4*=0x0, pServerPrincName=0x18eccc, pAuthnLevel=0x18ecd0*=0x6, pImpLevel=0x18ecc0*=0x2, pAuthInfo=0x18ecc4, pCapabilites=0x18ecc8*=0x1) returned 0x0 [0159.446] WbemLocator:IUnknown:Release (This=0xbbdedc) returned 0x1 [0159.447] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec7c | out: ppvObject=0x18ec7c*=0xbbdf00) returned 0x0 [0159.447] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec68 | out: ppvObject=0x18ec68*=0xbbdedc) returned 0x0 [0159.447] WbemLocator:IClientSecurity:SetBlanket (This=0xbbdedc, pProxy=0xc15698, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0159.447] WbemLocator:IUnknown:Release (This=0xbbdedc) returned 0x2 [0159.447] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0159.447] CoTaskMemFree (pv=0xe2f22f0) [0159.447] WbemLocator:IUnknown:Release (This=0xc210a0) returned 0x0 [0159.448] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e878 | out: ppvObject=0x18e878*=0xbbdf00) returned 0x0 [0159.448] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e834 | out: ppvObject=0x18e834*=0x0) returned 0x80004002 [0159.448] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e654 | out: ppvObject=0x18e654*=0x0) returned 0x80004002 [0159.449] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e42c | out: ppvObject=0x18e42c*=0x0) returned 0x80004002 [0159.451] WbemLocator:IUnknown:AddRef (This=0xbbdf00) returned 0x3 [0159.452] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e18c | out: ppvObject=0x18e18c*=0x0) returned 0x80004002 [0159.452] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e13c | out: ppvObject=0x18e13c*=0x0) returned 0x80004002 [0159.452] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e148 | out: ppvObject=0x18e148*=0xbbde5c) returned 0x0 [0159.452] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbde5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e150 | out: pCid=0x18e150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.452] WbemLocator:IUnknown:Release (This=0xbbde5c) returned 0x3 [0159.452] CoGetContextToken (in: pToken=0x18e1a8 | out: pToken=0x18e1a8) returned 0x0 [0159.452] CoGetContextToken (in: pToken=0x18e5b0 | out: pToken=0x18e5b0) returned 0x0 [0159.452] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e63c | out: ppvObject=0x18e63c*=0xbbdee4) returned 0x0 [0159.453] WbemLocator:IRpcOptions:Query (in: This=0xbbdee4, pPrx=0xbbdf00, dwProperty=2, pdwValue=0x18e648 | out: pdwValue=0x18e648) returned 0x80004002 [0159.454] WbemLocator:IUnknown:Release (This=0xbbdee4) returned 0x3 [0159.454] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x2 [0159.454] CoGetContextToken (in: pToken=0x18eb88 | out: pToken=0x18eb88) returned 0x0 [0159.454] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0159.454] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x18ebb8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18ebb4 | out: ppvObject=0x18ebb4*=0xc15698) returned 0x0 [0159.455] WbemLocator:IUnknown:AddRef (This=0xc15698) returned 0x4 [0159.455] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x3 [0159.455] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x2 [0159.478] SysStringLen (param_1=0x0) returned 0x0 [0159.479] CoGetContextToken (in: pToken=0x18eb90 | out: pToken=0x18eb90) returned 0x0 [0159.479] WbemLocator:IUnknown:AddRef (This=0xbbdf00) returned 0x3 [0159.480] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ea24 | out: ppvObject=0x18ea24*=0xbbdf00) returned 0x0 [0159.480] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x3 [0159.480] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x2 [0159.480] CoGetContextToken (in: pToken=0x18ec88 | out: pToken=0x18ec88) returned 0x0 [0159.480] WbemLocator:IUnknown:AddRef (This=0xc15698) returned 0x3 [0159.480] IWbemServices:ExecQuery (in: This=0xc15698, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_DiskDrive", lFlags=16, pCtx=0x0, ppEnum=0x18ee94 | out: ppEnum=0x18ee94*=0xb7aa10) returned 0x0 [0159.509] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ecf0 | out: ppvObject=0x18ecf0*=0xb7aa14) returned 0x0 [0159.509] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ed40, pAuthzSvc=0x18ed3c, pServerPrincName=0x18ed34, pAuthnLevel=0x18ed38, pImpLevel=0x18ed28, pAuthInfo=0x18ed2c, pCapabilites=0x18ed30 | out: pAuthnSvc=0x18ed40*=0xa, pAuthzSvc=0x18ed3c*=0x0, pServerPrincName=0x18ed34, pAuthnLevel=0x18ed38*=0x6, pImpLevel=0x18ed28*=0x2, pAuthInfo=0x18ed2c, pCapabilites=0x18ed30*=0x1) returned 0x0 [0159.509] IUnknown:Release (This=0xb7aa14) returned 0x1 [0159.509] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ece4 | out: ppvObject=0x18ece4*=0xbbf800) returned 0x0 [0159.509] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ecd0 | out: ppvObject=0x18ecd0*=0xb7aa14) returned 0x0 [0159.509] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0159.526] IUnknown:Release (This=0xb7aa14) returned 0x2 [0159.526] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x1 [0159.526] CoTaskMemFree (pv=0xe2f2fa8) [0159.526] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0xbbf800) returned 0x0 [0159.527] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e898 | out: ppvObject=0x18e898*=0x0) returned 0x80004002 [0159.596] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0x0) returned 0x80004002 [0159.596] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0159.597] WbemLocator:IUnknown:AddRef (This=0xbbf800) returned 0x3 [0159.597] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e1ec | out: ppvObject=0x18e1ec*=0x0) returned 0x80004002 [0159.598] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e19c | out: ppvObject=0x18e19c*=0x0) returned 0x80004002 [0159.598] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e1a8 | out: ppvObject=0x18e1a8*=0xbbf75c) returned 0x0 [0159.598] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf75c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e1b0 | out: pCid=0x18e1b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.598] WbemLocator:IUnknown:Release (This=0xbbf75c) returned 0x3 [0159.598] CoGetContextToken (in: pToken=0x18e208 | out: pToken=0x18e208) returned 0x0 [0159.598] CoGetContextToken (in: pToken=0x18e610 | out: pToken=0x18e610) returned 0x0 [0159.598] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e69c | out: ppvObject=0x18e69c*=0xbbf7e4) returned 0x0 [0159.598] WbemLocator:IRpcOptions:Query (in: This=0xbbf7e4, pPrx=0xbbf800, dwProperty=2, pdwValue=0x18e6a8 | out: pdwValue=0x18e6a8) returned 0x80004002 [0159.599] WbemLocator:IUnknown:Release (This=0xbbf7e4) returned 0x3 [0159.599] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x2 [0159.599] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0159.599] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x18ec20*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7aa10) returned 0x0 [0159.599] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0159.599] IUnknown:Release (This=0xb7aa10) returned 0x3 [0159.599] IUnknown:Release (This=0xb7aa10) returned 0x2 [0159.599] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x2 [0159.599] SysStringLen (param_1=0x0) returned 0x0 [0159.599] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eee0 | out: puCount=0x18eee0*=0x2) returned 0x0 [0159.599] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eedc*=0x0, pszText=0x0 | out: puBuffLength=0x18eedc*=0xf, pszText=0x0) returned 0x0 [0159.599] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eedc*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eedc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.600] CoGetContextToken (in: pToken=0x18ed30 | out: pToken=0x18ed30) returned 0x0 [0159.600] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0159.600] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18eeec | out: ppEnum=0x18eeec*=0xb7a3d0) returned 0x0 [0159.602] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eda8 | out: ppvObject=0x18eda8*=0xb7a3d4) returned 0x0 [0159.602] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18edf8, pAuthzSvc=0x18edf4, pServerPrincName=0x18edec, pAuthnLevel=0x18edf0, pImpLevel=0x18ede0, pAuthInfo=0x18ede4, pCapabilites=0x18ede8 | out: pAuthnSvc=0x18edf8*=0xa, pAuthzSvc=0x18edf4*=0x0, pServerPrincName=0x18edec, pAuthnLevel=0x18edf0*=0x6, pImpLevel=0x18ede0*=0x2, pAuthInfo=0x18ede4, pCapabilites=0x18ede8*=0x1) returned 0x0 [0159.602] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0159.602] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ed9c | out: ppvObject=0x18ed9c*=0xbbe700) returned 0x0 [0159.602] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ed88 | out: ppvObject=0x18ed88*=0xb7a3d4) returned 0x0 [0159.602] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0159.604] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0159.604] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x1 [0159.605] CoTaskMemFree (pv=0xe2f2e88) [0159.605] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e984 | out: ppvObject=0x18e984*=0xbbe700) returned 0x0 [0159.605] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e940 | out: ppvObject=0x18e940*=0x0) returned 0x80004002 [0159.605] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e75c | out: ppvObject=0x18e75c*=0x0) returned 0x80004002 [0159.606] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e534 | out: ppvObject=0x18e534*=0x0) returned 0x80004002 [0159.607] WbemLocator:IUnknown:AddRef (This=0xbbe700) returned 0x3 [0159.607] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e294 | out: ppvObject=0x18e294*=0x0) returned 0x80004002 [0159.607] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e244 | out: ppvObject=0x18e244*=0x0) returned 0x80004002 [0159.607] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e250 | out: ppvObject=0x18e250*=0xbbe65c) returned 0x0 [0159.607] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe65c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e258 | out: pCid=0x18e258*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.607] WbemLocator:IUnknown:Release (This=0xbbe65c) returned 0x3 [0159.607] CoGetContextToken (in: pToken=0x18e2b0 | out: pToken=0x18e2b0) returned 0x0 [0159.607] CoGetContextToken (in: pToken=0x18e6b8 | out: pToken=0x18e6b8) returned 0x0 [0159.607] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e744 | out: ppvObject=0x18e744*=0xbbe6e4) returned 0x0 [0159.608] WbemLocator:IRpcOptions:Query (in: This=0xbbe6e4, pPrx=0xbbe700, dwProperty=2, pdwValue=0x18e750 | out: pdwValue=0x18e750) returned 0x80004002 [0159.608] WbemLocator:IUnknown:Release (This=0xbbe6e4) returned 0x3 [0159.608] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x2 [0159.608] CoGetContextToken (in: pToken=0x18ec98 | out: pToken=0x18ec98) returned 0x0 [0159.608] CoGetContextToken (in: pToken=0x18ebf8 | out: pToken=0x18ebf8) returned 0x0 [0159.608] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x18ecc8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ecc4 | out: ppvObject=0x18ecc4*=0xb7a3d0) returned 0x0 [0159.608] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0159.608] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0159.608] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0159.608] IUnknown:Release (This=0xb7aa10) returned 0x2 [0159.608] SysStringLen (param_1=0x0) returned 0x0 [0159.610] IEnumWbemClassObject:Reset (This=0xb7a3d0) returned 0x0 [0159.707] CoTaskMemAlloc (cb=0x4) returned 0xc21000 [0159.707] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc21000, puReturned=0x6b99430 | out: apObjects=0xc21000*=0xb5f770, puReturned=0x6b99430*=0x1) returned 0x0 [0159.728] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e548 | out: ppvObject=0x18e548*=0xb5f770) returned 0x0 [0159.728] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0159.728] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e324 | out: ppvObject=0x18e324*=0x0) returned 0x80004002 [0159.728] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0fc | out: ppvObject=0x18e0fc*=0x0) returned 0x80004002 [0159.728] IUnknown:AddRef (This=0xb5f770) returned 0x3 [0159.728] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de5c | out: ppvObject=0x18de5c*=0x0) returned 0x80004002 [0159.728] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18de0c | out: ppvObject=0x18de0c*=0x0) returned 0x80004002 [0159.729] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de18 | out: ppvObject=0x18de18*=0xb5f774) returned 0x0 [0159.729] IMarshal:GetUnmarshalClass (in: This=0xb5f774, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18de20 | out: pCid=0x18de20*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0159.729] IUnknown:Release (This=0xb5f774) returned 0x3 [0159.729] CoGetContextToken (in: pToken=0x18de78 | out: pToken=0x18de78) returned 0x0 [0159.729] CoGetContextToken (in: pToken=0x18e280 | out: pToken=0x18e280) returned 0x0 [0159.729] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e30c | out: ppvObject=0x18e30c*=0x0) returned 0x80004002 [0159.729] IUnknown:Release (This=0xb5f770) returned 0x2 [0159.729] CoGetContextToken (in: pToken=0x18e858 | out: pToken=0x18e858) returned 0x0 [0159.729] CoGetContextToken (in: pToken=0x18e7b8 | out: pToken=0x18e7b8) returned 0x0 [0159.729] IUnknown:QueryInterface (in: This=0xb5f770, riid=0x18e888*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e884 | out: ppvObject=0x18e884*=0xb5f770) returned 0x0 [0159.729] IUnknown:AddRef (This=0xb5f770) returned 0x4 [0159.729] IUnknown:Release (This=0xb5f770) returned 0x3 [0159.730] IUnknown:Release (This=0xb5f770) returned 0x2 [0159.731] CoTaskMemFree (pv=0xc21000) [0159.731] CoGetContextToken (in: pToken=0x18ebc8 | out: pToken=0x18ebc8) returned 0x0 [0159.731] IUnknown:AddRef (This=0xb5f770) returned 0x3 [0159.733] IWbemClassObject:Get (in: This=0xb5f770, wszName="__GENUS", lFlags=0, pVal=0x18eedc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ef5c*=0, plFlavor=0x18ef58*=0 | out: pVal=0x18eedc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ef5c*=3, plFlavor=0x18ef58*=64) returned 0x0 [0159.735] IWbemClassObject:Get (in: This=0xb5f770, wszName="__PATH", lFlags=0, pVal=0x18eec0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ef44*=0, plFlavor=0x18ef40*=0 | out: pVal=0x18eec0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"", varVal2=0x0), pType=0x18ef44*=8, plFlavor=0x18ef40*=64) returned 0x0 [0159.736] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x88 [0159.736] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x88 [0159.736] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18eeec | out: ppv=0x18eeec*=0xb71a3c) returned 0x0 [0159.736] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18eee4 | out: pAptType=0x18eee4*=1) returned 0x0 [0159.737] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18eee8 | out: ppvObject=0x18eee8*=0x0) returned 0x80004002 [0159.737] IUnknown:Release (This=0xb71a3c) returned 0x1 [0159.740] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e850 | out: ppv=0x18e850*=0xc20f30) returned 0x0 [0159.740] WbemDefPath:IUnknown:QueryInterface (in: This=0xc20f30, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18ea6c | out: ppvObject=0x18ea6c*=0x0) returned 0x80004002 [0159.740] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc20f30, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ea78 | out: ppvObject=0x18ea78*=0xbc2f70) returned 0x0 [0159.740] WbemDefPath:IUnknown:Release (This=0xc20f30) returned 0x0 [0159.741] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e69c | out: ppvObject=0x18e69c*=0xbc2f70) returned 0x0 [0159.741] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e658 | out: ppvObject=0x18e658*=0x0) returned 0x80004002 [0159.741] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e24c | out: ppvObject=0x18e24c*=0x0) returned 0x80004002 [0159.741] WbemDefPath:IUnknown:AddRef (This=0xbc2f70) returned 0x3 [0159.741] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfac | out: ppvObject=0x18dfac*=0x0) returned 0x80004002 [0159.741] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df5c | out: ppvObject=0x18df5c*=0x0) returned 0x80004002 [0159.741] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df68 | out: ppvObject=0x18df68*=0xc028e8) returned 0x0 [0159.741] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xc028e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df70 | out: pCid=0x18df70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.741] WbemDefPath:IUnknown:Release (This=0xc028e8) returned 0x3 [0159.742] CoGetContextToken (in: pToken=0x18dfc8 | out: pToken=0x18dfc8) returned 0x0 [0159.742] CoGetContextToken (in: pToken=0x18e3d0 | out: pToken=0x18e3d0) returned 0x0 [0159.742] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e45c | out: ppvObject=0x18e45c*=0x0) returned 0x80004002 [0159.742] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x2 [0159.742] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x1 [0159.742] CoGetContextToken (in: pToken=0x18ed68 | out: pToken=0x18ed68) returned 0x0 [0159.742] CoGetContextToken (in: pToken=0x18ecc8 | out: pToken=0x18ecc8) returned 0x0 [0159.742] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x18ed98*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ed94 | out: ppvObject=0x18ed94*=0xbc2f70) returned 0x0 [0159.742] WbemDefPath:IUnknown:AddRef (This=0xbc2f70) returned 0x3 [0159.742] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x2 [0159.742] WbemDefPath:IWbemPath:SetText (This=0xbc2f70, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x0 [0159.742] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ef18 | out: puCount=0x18ef18*=0x2) returned 0x0 [0159.743] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ef14*=0x0, pszText=0x0 | out: puBuffLength=0x18ef14*=0xf, pszText=0x0) returned 0x0 [0159.743] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ef14*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ef14*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.746] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eee4 | out: puCount=0x18eee4*=0x2) returned 0x0 [0159.746] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eee0*=0x0, pszText=0x0 | out: puBuffLength=0x18eee0*=0xf, pszText=0x0) returned 0x0 [0159.746] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eee0*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eee0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.746] IWbemClassObject:Get (in: This=0xb5f770, wszName="SerialNumber", lFlags=0, pVal=0x18eee0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6b99d10*=0, plFlavor=0x6b99d14*=0 | out: pVal=0x18eee0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="5OM4739SL7XBTN", varVal2=0x0), pType=0x6b99d10*=8, plFlavor=0x6b99d14*=0) returned 0x0 [0159.746] SysStringByteLen (bstr="5OM4739SL7XBTN") returned 0x1c [0159.746] SysStringByteLen (bstr="5OM4739SL7XBTN") returned 0x1c [0159.746] IWbemClassObject:Get (in: This=0xb5f770, wszName="SerialNumber", lFlags=0, pVal=0x18eee8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6b99d10*=8, plFlavor=0x6b99d14*=0 | out: pVal=0x18eee8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="5OM4739SL7XBTN", varVal2=0x0), pType=0x6b99d10*=8, plFlavor=0x6b99d14*=0) returned 0x0 [0159.746] SysStringByteLen (bstr="5OM4739SL7XBTN") returned 0x1c [0159.746] SysStringByteLen (bstr="5OM4739SL7XBTN") returned 0x1c [0159.751] CoGetContextToken (in: pToken=0x18ee10 | out: pToken=0x18ee10) returned 0x0 [0159.751] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x1 [0159.751] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0159.758] CoGetContextToken (in: pToken=0x18ee10 | out: pToken=0x18ee10) returned 0x0 [0159.758] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x1 [0159.758] IUnknown:Release (This=0xb7aa10) returned 0x0 [0159.856] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x18ebec | out: pfEnabled=0x18ebec) returned 0x0 [0160.921] GetSystemMetrics (nIndex=78) returned 1440 [0160.968] CoTaskMemAlloc (cb=0x20c) returned 0xbdb500 [0160.968] GetEnvironmentVariableW (in: lpName="windir", lpBuffer=0xbdb500, nSize=0x104 | out: lpBuffer="") returned 0xa [0160.968] CoTaskMemFree (pv=0xbdb500) [0160.975] GetDC (hWnd=0x0) returned 0x101071e [0160.987] GetDeviceCaps (hdc=0x101071e, index=90) returned 96 [0160.988] ReleaseDC (hWnd=0x0, hDC=0x101071e) returned 1 [0160.990] GetSystemMetrics (nIndex=79) returned 900 [0161.003] GetUserNameW (in: lpBuffer=0x18edcc, pcbBuffer=0x18f044 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x18f044) returned 1 [0161.058] GetCurrentProcess () returned 0xffffffff [0161.058] GetCurrentThread () returned 0xfffffffe [0161.058] GetCurrentProcess () returned 0xffffffff [0161.061] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18efec, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18efec*=0x3f0) returned 1 [0161.072] GetCurrentThreadId () returned 0x4ec [0161.074] OleInitialize (pvReserved=0x0) returned 0x80010106 [0161.076] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0161.128] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76be0000 [0161.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x18ef0c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64Process\x0en4!`\"(ú\x07oèõ\x18", lpUsedDefaultChar=0x0) returned 14 [0161.129] GetProcAddress (hModule=0x76be0000, lpProcName="IsWow64Process") returned 0x76bf9f10 [0161.129] GetCurrentProcess () returned 0xffffffff [0161.129] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ef6c | out: Wow64Process=0x18ef6c*=1) returned 1 [0161.145] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x18eedc | out: phkResult=0x18eedc*=0x3f4) returned 0x0 [0161.145] RegQueryValueExW (in: hKey=0x3f4, lpValueName="ProductName", lpReserved=0x0, lpType=0x18eefc, lpData=0x0, lpcbData=0x18eef8*=0x0 | out: lpType=0x18eefc*=0x1, lpData=0x0, lpcbData=0x18eef8*=0x1e) returned 0x0 [0161.145] RegQueryValueExW (in: hKey=0x3f4, lpValueName="ProductName", lpReserved=0x0, lpType=0x18eefc, lpData=0x6b9c4f4, lpcbData=0x18eef8*=0x1e | out: lpType=0x18eefc*=0x1, lpData="Windows 10 Pro", lpcbData=0x18eef8*=0x1e) returned 0x0 [0161.147] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x18eedc | out: phkResult=0x18eedc*=0x3f8) returned 0x0 [0161.147] RegQueryValueExW (in: hKey=0x3f8, lpValueName="CSDVersion", lpReserved=0x0, lpType=0x18eefc, lpData=0x0, lpcbData=0x18eef8*=0x0 | out: lpType=0x18eefc*=0x0, lpData=0x0, lpcbData=0x18eef8*=0x0) returned 0x2 [0161.200] CoCreateGuid (in: pguid=0x18ec48 | out: pguid=0x18ec48*(Data1=0x73429303, Data2=0x6211, Data3=0x444f, Data4=([0]=0x98, [1]=0x5c, [2]=0xac, [3]=0xdc, [4]=0x5d, [5]=0xd5, [6]=0x47, [7]=0x8))) returned 0x0 [0161.203] CoCreateGuid (in: pguid=0x18eb88 | out: pguid=0x18eb88*(Data1=0x4ab25975, Data2=0x69e7, Data3=0x4c0d, Data4=([0]=0x96, [1]=0x2d, [2]=0x60, [3]=0xcd, [4]=0x0, [5]=0x7b, [6]=0xfc, [7]=0xb))) returned 0x0 [0162.299] send (s=0x348, buf=0x6bbe832*, len=708, flags=0) returned 708 [0162.300] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 125 [0162.395] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0162.395] GetKeyboardLayoutList (in: nBuff=1, lpList=0x6bbefc0 | out: lpList=0x6bbefc0) returned 1 [0162.449] CoCreateGuid (in: pguid=0x18ec10 | out: pguid=0x18ec10*(Data1=0x50232862, Data2=0xfb02, Data3=0x4e4e, Data4=([0]=0x90, [1]=0xb3, [2]=0xb2, [3]=0x24, [4]=0x98, [5]=0xbe, [6]=0x29, [7]=0x91))) returned 0x0 [0162.449] CoCreateGuid (in: pguid=0x18eb50 | out: pguid=0x18eb50*(Data1=0xb18c409, Data2=0x324c, Data3=0x4269, Data4=([0]=0x8d, [1]=0x2b, [2]=0x31, [3]=0x96, [4]=0xbc, [5]=0xaf, [6]=0x6, [7]=0xf9))) returned 0x0 [0162.449] send (s=0x348, buf=0x6bbe833*, len=205, flags=0) returned 205 [0162.450] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 125 [0162.918] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18eb34, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0162.919] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\discord\\Local Storage\\leveldb", lpDst=0x18eb34, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb") returned 0x44 [0162.931] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0162.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ecd8) returned 1 [0162.938] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x18e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0162.940] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.log" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb\\*.log"), lpFindFileData=0x18ea00 | out: lpFindFileData=0x18ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0162.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ec9c) returned 1 [0162.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x18e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0162.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ecd8) returned 1 [0162.950] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x18e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0162.950] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.ldb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb\\*.ldb"), lpFindFileData=0x18ea00 | out: lpFindFileData=0x18ea00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0162.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ec9c) returned 1 [0163.014] CoCreateGuid (in: pguid=0x18ebf8 | out: pguid=0x18ebf8*(Data1=0x530b547, Data2=0xb535, Data3=0x46ae, Data4=([0]=0x9b, [1]=0x98, [2]=0x23, [3]=0xaf, [4]=0xae, [5]=0x93, [6]=0xfe, [7]=0xc5))) returned 0x0 [0163.014] CoCreateGuid (in: pguid=0x18eb38 | out: pguid=0x18eb38*(Data1=0xdbe608e2, Data2=0x542, Data3=0x4066, Data4=([0]=0x83, [1]=0xef, [2]=0x8a, [3]=0x6d, [4]=0x1f, [5]=0xdb, [6]=0xa, [7]=0xb1))) returned 0x0 [0163.129] send (s=0x348, buf=0x6bbe833*, len=225, flags=0) returned 225 [0163.130] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 128 [0163.320] GetCurrentProcessId () returned 0x234 [0163.322] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x18e3d4 | out: lpLuid=0x18e3d4*(LowPart=0x14, HighPart=0)) returned 1 [0163.325] GetCurrentProcess () returned 0xffffffff [0163.325] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x18e3d0 | out: TokenHandle=0x18e3d0*=0x404) returned 1 [0163.326] AdjustTokenPrivileges (in: TokenHandle=0x404, DisableAllPrivileges=0, NewState=0x6bc5d30*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0163.326] CloseHandle (hObject=0x404) returned 1 [0163.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x8293010, Length=0x20000, ResultLength=0x18eabc | out: SystemInformation=0x8293010, ResultLength=0x18eabc*=0x157d8) returned 0x0 [0163.377] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eaa4 | out: puCount=0x18eaa4*=0x2) returned 0x0 [0163.377] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eaa0*=0x0, pszText=0x0 | out: puBuffLength=0x18eaa0*=0xf, pszText=0x0) returned 0x0 [0163.377] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eaa0*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eaa0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0163.377] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea2c | out: ppv=0x18ea2c*=0xb71a3c) returned 0x0 [0163.377] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea24 | out: pAptType=0x18ea24*=1) returned 0x0 [0163.377] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea28 | out: ppvObject=0x18ea28*=0x0) returned 0x80004002 [0163.377] IUnknown:Release (This=0xb71a3c) returned 0x1 [0163.383] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e638 | out: ppv=0x18e638*=0xe2fb678) returned 0x0 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xe2fb678, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e854 | out: ppvObject=0x18e854*=0x0) returned 0x80004002 [0163.384] WbemLocator:IClassFactory:CreateInstance (in: This=0xe2fb678, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e860 | out: ppvObject=0x18e860*=0xc20fd0) returned 0x0 [0163.384] WbemLocator:IUnknown:Release (This=0xe2fb678) returned 0x0 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e484 | out: ppvObject=0x18e484*=0xc20fd0) returned 0x0 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e440 | out: ppvObject=0x18e440*=0x0) returned 0x80004002 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e034 | out: ppvObject=0x18e034*=0x0) returned 0x80004002 [0163.384] WbemLocator:IUnknown:AddRef (This=0xc20fd0) returned 0x3 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dd94 | out: ppvObject=0x18dd94*=0x0) returned 0x80004002 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dd44 | out: ppvObject=0x18dd44*=0x0) returned 0x80004002 [0163.384] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dd50 | out: ppvObject=0x18dd50*=0x0) returned 0x80004002 [0163.384] CoGetContextToken (in: pToken=0x18ddb0 | out: pToken=0x18ddb0) returned 0x0 [0163.385] CoGetContextToken (in: pToken=0x18e1b8 | out: pToken=0x18e1b8) returned 0x0 [0163.385] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e244 | out: ppvObject=0x18e244*=0x0) returned 0x80004002 [0163.385] WbemLocator:IUnknown:Release (This=0xc20fd0) returned 0x2 [0163.385] WbemLocator:IUnknown:Release (This=0xc20fd0) returned 0x1 [0163.385] CoGetContextToken (in: pToken=0x18e840 | out: pToken=0x18e840) returned 0x0 [0163.385] CoGetContextToken (in: pToken=0x18e7a0 | out: pToken=0x18e7a0) returned 0x0 [0163.385] WbemLocator:IUnknown:QueryInterface (in: This=0xc20fd0, riid=0x18e870*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e86c | out: ppvObject=0x18e86c*=0xc20fd0) returned 0x0 [0163.385] WbemLocator:IUnknown:AddRef (This=0xc20fd0) returned 0x3 [0163.385] WbemLocator:IUnknown:Release (This=0xc20fd0) returned 0x2 [0163.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea08 | out: puCount=0x18ea08*=0x2) returned 0x0 [0163.385] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ea04*=0x0, pszText=0x0 | out: puBuffLength=0x18ea04*=0xf, pszText=0x0) returned 0x0 [0163.385] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ea04*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea04*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0163.385] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18e8e0 | out: ppv=0x18e8e0*=0xc20f30) returned 0x0 [0163.385] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc20f30, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18e974 | out: ppNamespace=0x18e974*=0xc16318) returned 0x0 [0163.408] WbemLocator:IUnknown:QueryInterface (in: This=0xc16318, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e808 | out: ppvObject=0x18e808*=0xbbe6dc) returned 0x0 [0163.408] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbe6dc, pProxy=0xc16318, pAuthnSvc=0x18e858, pAuthzSvc=0x18e854, pServerPrincName=0x18e84c, pAuthnLevel=0x18e850, pImpLevel=0x18e840, pAuthInfo=0x18e844, pCapabilites=0x18e848 | out: pAuthnSvc=0x18e858*=0xa, pAuthzSvc=0x18e854*=0x0, pServerPrincName=0x18e84c, pAuthnLevel=0x18e850*=0x6, pImpLevel=0x18e840*=0x2, pAuthInfo=0x18e844, pCapabilites=0x18e848*=0x1) returned 0x0 [0163.408] WbemLocator:IUnknown:Release (This=0xbbe6dc) returned 0x1 [0163.408] WbemLocator:IUnknown:QueryInterface (in: This=0xc16318, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7fc | out: ppvObject=0x18e7fc*=0xbbe700) returned 0x0 [0163.408] WbemLocator:IUnknown:QueryInterface (in: This=0xc16318, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7e8 | out: ppvObject=0x18e7e8*=0xbbe6dc) returned 0x0 [0163.408] WbemLocator:IClientSecurity:SetBlanket (This=0xbbe6dc, pProxy=0xc16318, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0163.408] WbemLocator:IUnknown:Release (This=0xbbe6dc) returned 0x2 [0163.408] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x1 [0163.408] CoTaskMemFree (pv=0xe2f2b58) [0163.409] WbemLocator:IUnknown:Release (This=0xc20f30) returned 0x0 [0163.409] WbemLocator:IUnknown:QueryInterface (in: This=0xc16318, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3f8 | out: ppvObject=0x18e3f8*=0xbbe700) returned 0x0 [0163.409] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e3b4 | out: ppvObject=0x18e3b4*=0x0) returned 0x80004002 [0163.413] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1d4 | out: ppvObject=0x18e1d4*=0x0) returned 0x80004002 [0163.420] WbemLocator:IUnknown:QueryInterface (in: This=0xc16318, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dfac | out: ppvObject=0x18dfac*=0x0) returned 0x80004002 [0163.439] WbemLocator:IUnknown:AddRef (This=0xbbe700) returned 0x3 [0163.439] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dd0c | out: ppvObject=0x18dd0c*=0x0) returned 0x80004002 [0163.439] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dcbc | out: ppvObject=0x18dcbc*=0x0) returned 0x80004002 [0163.439] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dcc8 | out: ppvObject=0x18dcc8*=0xbbe65c) returned 0x0 [0163.439] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe65c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dcd0 | out: pCid=0x18dcd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.439] WbemLocator:IUnknown:Release (This=0xbbe65c) returned 0x3 [0163.439] CoGetContextToken (in: pToken=0x18dd28 | out: pToken=0x18dd28) returned 0x0 [0163.440] CoGetContextToken (in: pToken=0x18e130 | out: pToken=0x18e130) returned 0x0 [0163.440] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e1bc | out: ppvObject=0x18e1bc*=0xbbe6e4) returned 0x0 [0163.440] WbemLocator:IRpcOptions:Query (in: This=0xbbe6e4, pPrx=0xbbe700, dwProperty=2, pdwValue=0x18e1c8 | out: pdwValue=0x18e1c8) returned 0x80004002 [0163.444] WbemLocator:IUnknown:Release (This=0xbbe6e4) returned 0x3 [0163.444] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x2 [0163.444] CoGetContextToken (in: pToken=0x18e708 | out: pToken=0x18e708) returned 0x0 [0163.444] CoGetContextToken (in: pToken=0x18e668 | out: pToken=0x18e668) returned 0x0 [0163.444] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x18e738*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e734 | out: ppvObject=0x18e734*=0xc16318) returned 0x0 [0163.444] WbemLocator:IUnknown:AddRef (This=0xc16318) returned 0x4 [0163.444] WbemLocator:IUnknown:Release (This=0xc16318) returned 0x3 [0163.444] WbemLocator:IUnknown:Release (This=0xc16318) returned 0x2 [0163.444] SysStringLen (param_1=0x0) returned 0x0 [0163.445] CoGetContextToken (in: pToken=0x18e710 | out: pToken=0x18e710) returned 0x0 [0163.445] WbemLocator:IUnknown:AddRef (This=0xbbe700) returned 0x3 [0163.445] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5a4 | out: ppvObject=0x18e5a4*=0xbbe700) returned 0x0 [0163.445] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x3 [0163.445] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x2 [0163.445] CoGetContextToken (in: pToken=0x18e7e0 | out: pToken=0x18e7e0) returned 0x0 [0163.445] WbemLocator:IUnknown:AddRef (This=0xc16318) returned 0x3 [0163.445] IWbemServices:ExecQuery (in: This=0xc16318, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x18ea14 | out: ppEnum=0x18ea14*=0xb7aa10) returned 0x0 [0163.501] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e84c | out: ppvObject=0x18e84c*=0xb7aa14) returned 0x0 [0163.501] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18e89c, pAuthzSvc=0x18e898, pServerPrincName=0x18e890, pAuthnLevel=0x18e894, pImpLevel=0x18e884, pAuthInfo=0x18e888, pCapabilites=0x18e88c | out: pAuthnSvc=0x18e89c*=0xa, pAuthzSvc=0x18e898*=0x0, pServerPrincName=0x18e890, pAuthnLevel=0x18e894*=0x6, pImpLevel=0x18e884*=0x2, pAuthInfo=0x18e888, pCapabilites=0x18e88c*=0x1) returned 0x0 [0163.501] IUnknown:Release (This=0xb7aa14) returned 0x1 [0163.501] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e840 | out: ppvObject=0x18e840*=0xbbf900) returned 0x0 [0163.501] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e82c | out: ppvObject=0x18e82c*=0xb7aa14) returned 0x0 [0163.501] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0163.677] IUnknown:Release (This=0xb7aa14) returned 0x2 [0163.677] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x1 [0163.677] CoTaskMemFree (pv=0xe2f2d68) [0163.678] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e438 | out: ppvObject=0x18e438*=0xbbf900) returned 0x0 [0163.678] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e3f4 | out: ppvObject=0x18e3f4*=0x0) returned 0x80004002 [0163.678] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e214 | out: ppvObject=0x18e214*=0x0) returned 0x80004002 [0163.679] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0163.680] WbemLocator:IUnknown:AddRef (This=0xbbf900) returned 0x3 [0163.680] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dd4c | out: ppvObject=0x18dd4c*=0x0) returned 0x80004002 [0163.680] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dcfc | out: ppvObject=0x18dcfc*=0x0) returned 0x80004002 [0163.680] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dd08 | out: ppvObject=0x18dd08*=0xbbf85c) returned 0x0 [0163.680] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf85c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dd10 | out: pCid=0x18dd10*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.680] WbemLocator:IUnknown:Release (This=0xbbf85c) returned 0x3 [0163.680] CoGetContextToken (in: pToken=0x18dd68 | out: pToken=0x18dd68) returned 0x0 [0163.681] CoGetContextToken (in: pToken=0x18e170 | out: pToken=0x18e170) returned 0x0 [0163.681] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e1fc | out: ppvObject=0x18e1fc*=0xbbf8e4) returned 0x0 [0163.681] WbemLocator:IRpcOptions:Query (in: This=0xbbf8e4, pPrx=0xbbf900, dwProperty=2, pdwValue=0x18e208 | out: pdwValue=0x18e208) returned 0x80004002 [0163.681] WbemLocator:IUnknown:Release (This=0xbbf8e4) returned 0x3 [0163.681] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x2 [0163.681] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0163.681] CoGetContextToken (in: pToken=0x18e6a8 | out: pToken=0x18e6a8) returned 0x0 [0163.681] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x18e778*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18e774 | out: ppvObject=0x18e774*=0xb7aa10) returned 0x0 [0163.681] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0163.681] IUnknown:Release (This=0xb7aa10) returned 0x3 [0163.681] IUnknown:Release (This=0xb7aa10) returned 0x2 [0163.682] WbemLocator:IUnknown:Release (This=0xc16318) returned 0x2 [0163.682] SysStringLen (param_1=0x0) returned 0x0 [0163.682] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea60 | out: puCount=0x18ea60*=0x2) returned 0x0 [0163.682] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea5c*=0x0, pszText=0x0 | out: puBuffLength=0x18ea5c*=0xf, pszText=0x0) returned 0x0 [0163.682] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea5c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea5c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0163.682] CoGetContextToken (in: pToken=0x18e8b0 | out: pToken=0x18e8b0) returned 0x0 [0163.682] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0163.682] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18ea6c | out: ppEnum=0x18ea6c*=0xb7a3d0) returned 0x0 [0163.772] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e928 | out: ppvObject=0x18e928*=0xb7a3d4) returned 0x0 [0163.772] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18e978, pAuthzSvc=0x18e974, pServerPrincName=0x18e96c, pAuthnLevel=0x18e970, pImpLevel=0x18e960, pAuthInfo=0x18e964, pCapabilites=0x18e968 | out: pAuthnSvc=0x18e978*=0xa, pAuthzSvc=0x18e974*=0x0, pServerPrincName=0x18e96c, pAuthnLevel=0x18e970*=0x6, pImpLevel=0x18e960*=0x2, pAuthInfo=0x18e964, pCapabilites=0x18e968*=0x1) returned 0x0 [0163.772] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0163.772] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e91c | out: ppvObject=0x18e91c*=0xbbe800) returned 0x0 [0163.772] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e908 | out: ppvObject=0x18e908*=0xb7a3d4) returned 0x0 [0163.772] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0163.775] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0163.775] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x1 [0163.775] CoTaskMemFree (pv=0xe2f28e8) [0163.775] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0xbbe800) returned 0x0 [0163.776] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c0 | out: ppvObject=0x18e4c0*=0x0) returned 0x80004002 [0163.776] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0163.776] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0b4 | out: ppvObject=0x18e0b4*=0x0) returned 0x80004002 [0163.777] WbemLocator:IUnknown:AddRef (This=0xbbe800) returned 0x3 [0163.777] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de14 | out: ppvObject=0x18de14*=0x0) returned 0x80004002 [0163.777] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddc4 | out: ppvObject=0x18ddc4*=0x0) returned 0x80004002 [0163.777] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd0 | out: ppvObject=0x18ddd0*=0xbbe75c) returned 0x0 [0163.777] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe75c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddd8 | out: pCid=0x18ddd8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.777] WbemLocator:IUnknown:Release (This=0xbbe75c) returned 0x3 [0163.778] CoGetContextToken (in: pToken=0x18de30 | out: pToken=0x18de30) returned 0x0 [0163.778] CoGetContextToken (in: pToken=0x18e238 | out: pToken=0x18e238) returned 0x0 [0163.778] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2c4 | out: ppvObject=0x18e2c4*=0xbbe7e4) returned 0x0 [0163.778] WbemLocator:IRpcOptions:Query (in: This=0xbbe7e4, pPrx=0xbbe800, dwProperty=2, pdwValue=0x18e2d0 | out: pdwValue=0x18e2d0) returned 0x80004002 [0163.778] WbemLocator:IUnknown:Release (This=0xbbe7e4) returned 0x3 [0163.778] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x2 [0163.778] CoGetContextToken (in: pToken=0x18e818 | out: pToken=0x18e818) returned 0x0 [0163.778] CoGetContextToken (in: pToken=0x18e778 | out: pToken=0x18e778) returned 0x0 [0163.778] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x18e848*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18e844 | out: ppvObject=0x18e844*=0xb7a3d0) returned 0x0 [0163.778] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0163.778] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0163.779] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0163.779] IUnknown:Release (This=0xb7aa10) returned 0x2 [0163.779] SysStringLen (param_1=0x0) returned 0x0 [0163.779] IEnumWbemClassObject:Reset (This=0xb7a3d0) returned 0x0 [0163.779] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0163.779] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6be9388 | out: apObjects=0xc16518*=0xe2f4e38, puReturned=0x6be9388*=0x1) returned 0x0 [0165.107] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe2f4e38) returned 0x0 [0165.107] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.108] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.108] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.108] IUnknown:AddRef (This=0xe2f4e38) returned 0x3 [0165.108] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.108] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.108] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe2f4e3c) returned 0x0 [0165.108] IMarshal:GetUnmarshalClass (in: This=0xe2f4e3c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.108] IUnknown:Release (This=0xe2f4e3c) returned 0x3 [0165.108] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.109] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.109] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.109] IUnknown:Release (This=0xe2f4e38) returned 0x2 [0165.109] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.109] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.109] IUnknown:QueryInterface (in: This=0xe2f4e38, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe2f4e38) returned 0x0 [0165.109] IUnknown:AddRef (This=0xe2f4e38) returned 0x4 [0165.109] IUnknown:Release (This=0xe2f4e38) returned 0x3 [0165.109] IUnknown:Release (This=0xe2f4e38) returned 0x2 [0165.109] CoTaskMemFree (pv=0xc16518) [0165.109] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.109] IUnknown:AddRef (This=0xe2f4e38) returned 0x3 [0165.110] IWbemClassObject:Get (in: This=0xe2f4e38, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.110] IWbemClassObject:Get (in: This=0xe2f4e38, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.110] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"") returned 0x5c [0165.110] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"") returned 0x5c [0165.110] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.110] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.110] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.111] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.112] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc165c8) returned 0x0 [0165.113] WbemDefPath:IUnknown:QueryInterface (in: This=0xc165c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.113] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc165c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc3280) returned 0x0 [0165.113] WbemDefPath:IUnknown:Release (This=0xc165c8) returned 0x0 [0165.113] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc3280) returned 0x0 [0165.113] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.113] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.114] WbemDefPath:IUnknown:AddRef (This=0xbc3280) returned 0x3 [0165.114] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.114] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.114] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe2fb6c0) returned 0x0 [0165.114] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe2fb6c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.114] WbemDefPath:IUnknown:Release (This=0xe2fb6c0) returned 0x3 [0165.114] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.114] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.114] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.114] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x2 [0165.115] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x1 [0165.115] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.115] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.115] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc3280) returned 0x0 [0165.115] WbemDefPath:IUnknown:AddRef (This=0xbc3280) returned 0x3 [0165.115] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x2 [0165.115] WbemDefPath:IWbemPath:SetText (This=0xbc3280, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"") returned 0x0 [0165.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.115] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.115] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.116] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.116] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.116] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.116] IWbemClassObject:Get (in: This=0xe2f4e38, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be9bdc*=0, plFlavor=0x6be9be0*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x6be9bdc*=8, plFlavor=0x6be9be0*=0) returned 0x0 [0165.116] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0165.116] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0165.116] IWbemClassObject:Get (in: This=0xe2f4e38, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be9bdc*=8, plFlavor=0x6be9be0*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x6be9bdc*=8, plFlavor=0x6be9be0*=0) returned 0x0 [0165.116] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0165.116] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0165.116] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0165.117] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6be9388 | out: apObjects=0xc16588*=0xc17130, puReturned=0x6be9388*=0x1) returned 0x0 [0165.118] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xc17130) returned 0x0 [0165.118] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.118] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.118] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.118] IUnknown:AddRef (This=0xc17130) returned 0x3 [0165.118] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.119] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.119] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xc17134) returned 0x0 [0165.119] IMarshal:GetUnmarshalClass (in: This=0xc17134, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.119] IUnknown:Release (This=0xc17134) returned 0x3 [0165.119] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.119] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.119] IUnknown:QueryInterface (in: This=0xc17130, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.119] IUnknown:Release (This=0xc17130) returned 0x2 [0165.119] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.119] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.119] IUnknown:QueryInterface (in: This=0xc17130, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xc17130) returned 0x0 [0165.119] IUnknown:AddRef (This=0xc17130) returned 0x4 [0165.119] IUnknown:Release (This=0xc17130) returned 0x3 [0165.119] IUnknown:Release (This=0xc17130) returned 0x2 [0165.119] CoTaskMemFree (pv=0xc16588) [0165.120] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.120] IUnknown:AddRef (This=0xc17130) returned 0x3 [0165.120] IWbemClassObject:Get (in: This=0xc17130, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.120] IWbemClassObject:Get (in: This=0xc17130, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.120] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"") returned 0x5c [0165.120] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"") returned 0x5c [0165.120] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.120] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.120] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.121] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.122] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16538) returned 0x0 [0165.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16538, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.122] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16538, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc2e90) returned 0x0 [0165.122] WbemDefPath:IUnknown:Release (This=0xc16538) returned 0x0 [0165.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc2e90) returned 0x0 [0165.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.123] WbemDefPath:IUnknown:AddRef (This=0xbc2e90) returned 0x3 [0165.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe2fb6f0) returned 0x0 [0165.123] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe2fb6f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.123] WbemDefPath:IUnknown:Release (This=0xe2fb6f0) returned 0x3 [0165.123] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.123] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.124] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x2 [0165.124] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x1 [0165.124] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.124] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.124] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc2e90) returned 0x0 [0165.124] WbemDefPath:IUnknown:AddRef (This=0xbc2e90) returned 0x3 [0165.124] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x2 [0165.124] WbemDefPath:IWbemPath:SetText (This=0xbc2e90, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"") returned 0x0 [0165.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.125] IWbemClassObject:Get (in: This=0xc17130, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea484*=0, plFlavor=0x6bea488*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x6bea484*=8, plFlavor=0x6bea488*=0) returned 0x0 [0165.125] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0165.125] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0165.125] IWbemClassObject:Get (in: This=0xc17130, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea484*=8, plFlavor=0x6bea488*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x6bea484*=8, plFlavor=0x6bea488*=0) returned 0x0 [0165.125] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0165.125] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0165.125] CoTaskMemAlloc (cb=0x4) returned 0xc164a8 [0165.125] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164a8, puReturned=0x6be9388 | out: apObjects=0xc164a8*=0xe304290, puReturned=0x6be9388*=0x1) returned 0x0 [0165.126] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe304290) returned 0x0 [0165.127] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.127] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.127] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.127] IUnknown:AddRef (This=0xe304290) returned 0x3 [0165.127] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.127] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.127] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe304294) returned 0x0 [0165.127] IMarshal:GetUnmarshalClass (in: This=0xe304294, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.128] IUnknown:Release (This=0xe304294) returned 0x3 [0165.128] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.128] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.128] IUnknown:QueryInterface (in: This=0xe304290, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.128] IUnknown:Release (This=0xe304290) returned 0x2 [0165.128] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.128] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.128] IUnknown:QueryInterface (in: This=0xe304290, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe304290) returned 0x0 [0165.128] IUnknown:AddRef (This=0xe304290) returned 0x4 [0165.129] IUnknown:Release (This=0xe304290) returned 0x3 [0165.129] IUnknown:Release (This=0xe304290) returned 0x2 [0165.129] CoTaskMemFree (pv=0xc164a8) [0165.129] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.129] IUnknown:AddRef (This=0xe304290) returned 0x3 [0165.129] IWbemClassObject:Get (in: This=0xe304290, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.129] IWbemClassObject:Get (in: This=0xe304290, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.129] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"") returned 0x5c [0165.129] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"") returned 0x5c [0165.130] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.130] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.130] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.130] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.131] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164c8) returned 0x0 [0165.131] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.131] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc31a0) returned 0x0 [0165.131] WbemDefPath:IUnknown:Release (This=0xc164c8) returned 0x0 [0165.131] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc31a0) returned 0x0 [0165.132] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.132] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.132] WbemDefPath:IUnknown:AddRef (This=0xbc31a0) returned 0x3 [0165.132] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.132] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.132] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe2fb9f0) returned 0x0 [0165.132] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe2fb9f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.132] WbemDefPath:IUnknown:Release (This=0xe2fb9f0) returned 0x3 [0165.132] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.133] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.133] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.133] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x2 [0165.133] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x1 [0165.133] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.133] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.133] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc31a0) returned 0x0 [0165.133] WbemDefPath:IUnknown:AddRef (This=0xbc31a0) returned 0x3 [0165.133] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x2 [0165.133] WbemDefPath:IWbemPath:SetText (This=0xbc31a0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"") returned 0x0 [0165.133] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.133] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.134] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.134] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.134] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.134] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.134] IWbemClassObject:Get (in: This=0xe304290, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bead3c*=0, plFlavor=0x6bead40*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x6bead3c*=8, plFlavor=0x6bead40*=0) returned 0x0 [0165.134] SysStringByteLen (bstr="dwm.exe") returned 0xe [0165.134] SysStringByteLen (bstr="dwm.exe") returned 0xe [0165.134] IWbemClassObject:Get (in: This=0xe304290, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bead3c*=8, plFlavor=0x6bead40*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x6bead3c*=8, plFlavor=0x6bead40*=0) returned 0x0 [0165.134] SysStringByteLen (bstr="dwm.exe") returned 0xe [0165.134] SysStringByteLen (bstr="dwm.exe") returned 0xe [0165.135] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0165.135] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xb7f788, puReturned=0x6be9388*=0x1) returned 0x0 [0165.136] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xb7f788) returned 0x0 [0165.136] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.136] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.136] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.137] IUnknown:AddRef (This=0xb7f788) returned 0x3 [0165.137] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.137] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.137] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xb7f78c) returned 0x0 [0165.137] IMarshal:GetUnmarshalClass (in: This=0xb7f78c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.137] IUnknown:Release (This=0xb7f78c) returned 0x3 [0165.137] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.137] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.137] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.137] IUnknown:Release (This=0xb7f788) returned 0x2 [0165.138] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.138] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.138] IUnknown:QueryInterface (in: This=0xb7f788, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xb7f788) returned 0x0 [0165.138] IUnknown:AddRef (This=0xb7f788) returned 0x4 [0165.138] IUnknown:Release (This=0xb7f788) returned 0x3 [0165.138] IUnknown:Release (This=0xb7f788) returned 0x2 [0165.138] CoTaskMemFree (pv=0xc164f8) [0165.138] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.138] IUnknown:AddRef (This=0xb7f788) returned 0x3 [0165.138] IWbemClassObject:Get (in: This=0xb7f788, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.139] IWbemClassObject:Get (in: This=0xb7f788, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.139] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"") returned 0x5e [0165.139] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"") returned 0x5e [0165.139] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.139] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.139] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.139] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.140] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163d8) returned 0x0 [0165.141] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.141] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc3210) returned 0x0 [0165.141] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0165.141] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc3210) returned 0x0 [0165.141] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.141] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.142] WbemDefPath:IUnknown:AddRef (This=0xbc3210) returned 0x3 [0165.142] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.142] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.142] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe304c38) returned 0x0 [0165.142] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe304c38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.142] WbemDefPath:IUnknown:Release (This=0xe304c38) returned 0x3 [0165.142] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.142] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.143] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.143] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x2 [0165.143] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x1 [0165.144] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.144] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.144] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc3210) returned 0x0 [0165.144] WbemDefPath:IUnknown:AddRef (This=0xbc3210) returned 0x3 [0165.243] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x2 [0165.243] WbemDefPath:IWbemPath:SetText (This=0xbc3210, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"") returned 0x0 [0165.243] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.243] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.243] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.243] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.243] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.243] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.244] IWbemClassObject:Get (in: This=0xb7f788, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb5dc*=0, plFlavor=0x6beb5e0*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x6beb5dc*=8, plFlavor=0x6beb5e0*=0) returned 0x0 [0165.244] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0165.244] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0165.244] IWbemClassObject:Get (in: This=0xb7f788, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb5dc*=8, plFlavor=0x6beb5e0*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x6beb5dc*=8, plFlavor=0x6beb5e0*=0) returned 0x0 [0165.244] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0165.244] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0165.244] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0165.244] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xc16e18, puReturned=0x6be9388*=0x1) returned 0x0 [0165.246] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xc16e18) returned 0x0 [0165.246] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.246] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.246] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.246] IUnknown:AddRef (This=0xc16e18) returned 0x3 [0165.246] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.247] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.247] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xc16e1c) returned 0x0 [0165.247] IMarshal:GetUnmarshalClass (in: This=0xc16e1c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.247] IUnknown:Release (This=0xc16e1c) returned 0x3 [0165.247] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.247] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.247] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.247] IUnknown:Release (This=0xc16e18) returned 0x2 [0165.247] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.247] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.247] IUnknown:QueryInterface (in: This=0xc16e18, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xc16e18) returned 0x0 [0165.248] IUnknown:AddRef (This=0xc16e18) returned 0x4 [0165.248] IUnknown:Release (This=0xc16e18) returned 0x3 [0165.248] IUnknown:Release (This=0xc16e18) returned 0x2 [0165.248] CoTaskMemFree (pv=0xc16418) [0165.248] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.248] IUnknown:AddRef (This=0xc16e18) returned 0x3 [0165.248] IWbemClassObject:Get (in: This=0xc16e18, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.248] IWbemClassObject:Get (in: This=0xc16e18, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.248] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"") returned 0x5e [0165.249] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"") returned 0x5e [0165.249] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.249] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.249] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.249] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.250] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16508) returned 0x0 [0165.250] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16508, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.251] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16508, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc3360) returned 0x0 [0165.251] WbemDefPath:IUnknown:Release (This=0xc16508) returned 0x0 [0165.251] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc3360) returned 0x0 [0165.251] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.251] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.251] WbemDefPath:IUnknown:AddRef (This=0xbc3360) returned 0x3 [0165.251] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.251] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe304bd8) returned 0x0 [0165.252] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe304bd8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.252] WbemDefPath:IUnknown:Release (This=0xe304bd8) returned 0x3 [0165.252] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.252] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.252] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x2 [0165.252] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x1 [0165.252] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.252] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc3360) returned 0x0 [0165.253] WbemDefPath:IUnknown:AddRef (This=0xbc3360) returned 0x3 [0165.253] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x2 [0165.253] WbemDefPath:IWbemPath:SetText (This=0xbc3360, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"") returned 0x0 [0165.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.253] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.253] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.253] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.253] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.254] IWbemClassObject:Get (in: This=0xc16e18, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bebe8c*=0, plFlavor=0x6bebe90*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x6bebe8c*=8, plFlavor=0x6bebe90*=0) returned 0x0 [0165.254] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0165.254] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0165.254] IWbemClassObject:Get (in: This=0xc16e18, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bebe8c*=8, plFlavor=0x6bebe90*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x6bebe8c*=8, plFlavor=0x6bebe90*=0) returned 0x0 [0165.254] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0165.254] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0165.254] CoTaskMemAlloc (cb=0x4) returned 0xc16548 [0165.255] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16548, puReturned=0x6be9388 | out: apObjects=0xc16548*=0xb801b8, puReturned=0x6be9388*=0x1) returned 0x0 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xb801b8) returned 0x0 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.256] IUnknown:AddRef (This=0xb801b8) returned 0x3 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.256] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xb801bc) returned 0x0 [0165.257] IMarshal:GetUnmarshalClass (in: This=0xb801bc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.257] IUnknown:Release (This=0xb801bc) returned 0x3 [0165.257] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.257] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.257] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.257] IUnknown:Release (This=0xb801b8) returned 0x2 [0165.257] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.257] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.257] IUnknown:QueryInterface (in: This=0xb801b8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xb801b8) returned 0x0 [0165.257] IUnknown:AddRef (This=0xb801b8) returned 0x4 [0165.257] IUnknown:Release (This=0xb801b8) returned 0x3 [0165.257] IUnknown:Release (This=0xb801b8) returned 0x2 [0165.257] CoTaskMemFree (pv=0xc16548) [0165.257] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.257] IUnknown:AddRef (This=0xb801b8) returned 0x3 [0165.258] IWbemClassObject:Get (in: This=0xb801b8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.258] IWbemClassObject:Get (in: This=0xb801b8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.258] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"") returned 0x5e [0165.258] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"") returned 0x5e [0165.258] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.258] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.258] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.258] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.260] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164b8) returned 0x0 [0165.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.260] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc2fe0) returned 0x0 [0165.260] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0165.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc2fe0) returned 0x0 [0165.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.260] WbemDefPath:IUnknown:AddRef (This=0xbc2fe0) returned 0x3 [0165.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe304e78) returned 0x0 [0165.261] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe304e78, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.261] WbemDefPath:IUnknown:Release (This=0xe304e78) returned 0x3 [0165.261] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.261] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.261] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x2 [0165.261] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x1 [0165.261] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.261] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc2fe0) returned 0x0 [0165.261] WbemDefPath:IUnknown:AddRef (This=0xbc2fe0) returned 0x3 [0165.261] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x2 [0165.262] WbemDefPath:IWbemPath:SetText (This=0xbc2fe0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"") returned 0x0 [0165.262] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.262] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.262] IWbemClassObject:Get (in: This=0xb801b8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec754*=0, plFlavor=0x6bec758*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x6bec754*=8, plFlavor=0x6bec758*=0) returned 0x0 [0165.262] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0165.262] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0165.262] IWbemClassObject:Get (in: This=0xb801b8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec754*=8, plFlavor=0x6bec758*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x6bec754*=8, plFlavor=0x6bec758*=0) returned 0x0 [0165.262] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0165.262] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0165.263] CoTaskMemAlloc (cb=0x4) returned 0xc163a8 [0165.263] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163a8, puReturned=0x6be9388 | out: apObjects=0xc163a8*=0xb80350, puReturned=0x6be9388*=0x1) returned 0x0 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xb80350) returned 0x0 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.264] IUnknown:AddRef (This=0xb80350) returned 0x3 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.264] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xb80354) returned 0x0 [0165.264] IMarshal:GetUnmarshalClass (in: This=0xb80354, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.264] IUnknown:Release (This=0xb80354) returned 0x3 [0165.264] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.265] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.265] IUnknown:QueryInterface (in: This=0xb80350, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.265] IUnknown:Release (This=0xb80350) returned 0x2 [0165.265] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.265] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.265] IUnknown:QueryInterface (in: This=0xb80350, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xb80350) returned 0x0 [0165.265] IUnknown:AddRef (This=0xb80350) returned 0x4 [0165.265] IUnknown:Release (This=0xb80350) returned 0x3 [0165.265] IUnknown:Release (This=0xb80350) returned 0x2 [0165.265] CoTaskMemFree (pv=0xc163a8) [0165.265] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.265] IUnknown:AddRef (This=0xb80350) returned 0x3 [0165.265] IWbemClassObject:Get (in: This=0xb80350, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.266] IWbemClassObject:Get (in: This=0xb80350, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.266] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"") returned 0x5c [0165.266] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"") returned 0x5c [0165.266] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.266] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.266] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.266] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.267] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164d8) returned 0x0 [0165.267] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.268] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc3050) returned 0x0 [0165.268] WbemDefPath:IUnknown:Release (This=0xc164d8) returned 0x0 [0165.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc3050) returned 0x0 [0165.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.268] WbemDefPath:IUnknown:AddRef (This=0xbc3050) returned 0x3 [0165.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3048f0) returned 0x0 [0165.269] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3048f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.269] WbemDefPath:IUnknown:Release (This=0xe3048f0) returned 0x3 [0165.269] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.269] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.318] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.318] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x2 [0165.318] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x1 [0165.318] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.318] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.318] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc3050) returned 0x0 [0165.318] WbemDefPath:IUnknown:AddRef (This=0xbc3050) returned 0x3 [0165.319] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x2 [0165.319] WbemDefPath:IWbemPath:SetText (This=0xbc3050, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"") returned 0x0 [0165.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.319] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.319] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.319] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.319] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.319] IWbemClassObject:Get (in: This=0xb80350, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bed00c*=0, plFlavor=0x6bed010*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x6bed00c*=8, plFlavor=0x6bed010*=0) returned 0x0 [0165.319] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0165.320] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0165.320] IWbemClassObject:Get (in: This=0xb80350, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bed00c*=8, plFlavor=0x6bed010*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x6bed00c*=8, plFlavor=0x6bed010*=0) returned 0x0 [0165.320] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0165.320] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0165.320] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0165.320] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6be9388 | out: apObjects=0xc16408*=0xb804e8, puReturned=0x6be9388*=0x1) returned 0x0 [0165.323] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xb804e8) returned 0x0 [0165.323] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.324] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.324] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.324] IUnknown:AddRef (This=0xb804e8) returned 0x3 [0165.324] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.324] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.324] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xb804ec) returned 0x0 [0165.325] IMarshal:GetUnmarshalClass (in: This=0xb804ec, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.325] IUnknown:Release (This=0xb804ec) returned 0x3 [0165.325] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.325] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.325] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.325] IUnknown:Release (This=0xb804e8) returned 0x2 [0165.325] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.325] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.326] IUnknown:QueryInterface (in: This=0xb804e8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xb804e8) returned 0x0 [0165.326] IUnknown:AddRef (This=0xb804e8) returned 0x4 [0165.326] IUnknown:Release (This=0xb804e8) returned 0x3 [0165.326] IUnknown:Release (This=0xb804e8) returned 0x2 [0165.326] CoTaskMemFree (pv=0xc16408) [0165.326] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.326] IUnknown:AddRef (This=0xb804e8) returned 0x3 [0165.326] IWbemClassObject:Get (in: This=0xb804e8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.327] IWbemClassObject:Get (in: This=0xb804e8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.327] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x5e [0165.327] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x5e [0165.327] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.327] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.328] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.328] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.329] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16448) returned 0x0 [0165.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.330] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc33d0) returned 0x0 [0165.330] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0165.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc33d0) returned 0x0 [0165.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.331] WbemDefPath:IUnknown:AddRef (This=0xbc33d0) returned 0x3 [0165.331] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.331] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.332] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe304788) returned 0x0 [0165.332] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe304788, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.332] WbemDefPath:IUnknown:Release (This=0xe304788) returned 0x3 [0165.332] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.332] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.332] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.333] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x2 [0165.333] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x1 [0165.333] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.333] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.333] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc33d0) returned 0x0 [0165.333] WbemDefPath:IUnknown:AddRef (This=0xbc33d0) returned 0x3 [0165.333] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x2 [0165.334] WbemDefPath:IWbemPath:SetText (This=0xbc33d0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x0 [0165.334] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.334] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.334] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.335] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.335] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.335] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.335] IWbemClassObject:Get (in: This=0xb804e8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bed8c4*=0, plFlavor=0x6bed8c8*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x6bed8c4*=8, plFlavor=0x6bed8c8*=0) returned 0x0 [0165.335] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0165.335] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0165.335] IWbemClassObject:Get (in: This=0xb804e8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bed8c4*=8, plFlavor=0x6bed8c8*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x6bed8c4*=8, plFlavor=0x6bed8c8*=0) returned 0x0 [0165.336] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0165.336] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0165.336] CoTaskMemAlloc (cb=0x4) returned 0xc16508 [0165.336] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16508, puReturned=0x6be9388 | out: apObjects=0xc16508*=0xb7fbd0, puReturned=0x6be9388*=0x1) returned 0x0 [0165.337] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xb7fbd0) returned 0x0 [0165.338] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.338] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.338] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.338] IUnknown:AddRef (This=0xb7fbd0) returned 0x3 [0165.339] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.339] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.339] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xb7fbd4) returned 0x0 [0165.339] IMarshal:GetUnmarshalClass (in: This=0xb7fbd4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.339] IUnknown:Release (This=0xb7fbd4) returned 0x3 [0165.339] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.339] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.340] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.340] IUnknown:Release (This=0xb7fbd0) returned 0x2 [0165.340] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.340] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.340] IUnknown:QueryInterface (in: This=0xb7fbd0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xb7fbd0) returned 0x0 [0165.340] IUnknown:AddRef (This=0xb7fbd0) returned 0x4 [0165.340] IUnknown:Release (This=0xb7fbd0) returned 0x3 [0165.341] IUnknown:Release (This=0xb7fbd0) returned 0x2 [0165.341] CoTaskMemFree (pv=0xc16508) [0165.341] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.341] IUnknown:AddRef (This=0xb7fbd0) returned 0x3 [0165.341] IWbemClassObject:Get (in: This=0xb7fbd0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.341] IWbemClassObject:Get (in: This=0xb7fbd0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.342] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"") returned 0x5e [0165.342] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"") returned 0x5e [0165.342] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.342] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.342] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.342] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.346] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16568) returned 0x0 [0165.346] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.346] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16568, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xbc30c0) returned 0x0 [0165.346] WbemDefPath:IUnknown:Release (This=0xc16568) returned 0x0 [0165.346] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xbc30c0) returned 0x0 [0165.346] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.347] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.347] WbemDefPath:IUnknown:AddRef (This=0xbc30c0) returned 0x3 [0165.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305060) returned 0x0 [0165.352] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305060, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.352] WbemDefPath:IUnknown:Release (This=0xe305060) returned 0x3 [0165.352] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.352] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.352] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x2 [0165.353] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x1 [0165.353] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.353] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.353] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xbc30c0) returned 0x0 [0165.353] WbemDefPath:IUnknown:AddRef (This=0xbc30c0) returned 0x3 [0165.353] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x2 [0165.353] WbemDefPath:IWbemPath:SetText (This=0xbc30c0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"") returned 0x0 [0165.353] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.353] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.353] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.354] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.354] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.354] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.354] IWbemClassObject:Get (in: This=0xb7fbd0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bee1a4*=0, plFlavor=0x6bee1a8*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchUI.exe", varVal2=0x0), pType=0x6bee1a4*=8, plFlavor=0x6bee1a8*=0) returned 0x0 [0165.354] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0165.354] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0165.354] IWbemClassObject:Get (in: This=0xb7fbd0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bee1a4*=8, plFlavor=0x6bee1a8*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchUI.exe", varVal2=0x0), pType=0x6bee1a4*=8, plFlavor=0x6bee1a8*=0) returned 0x0 [0165.354] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0165.354] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0165.354] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0165.355] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xe301ff0, puReturned=0x6be9388*=0x1) returned 0x0 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe301ff0) returned 0x0 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.356] IUnknown:AddRef (This=0xe301ff0) returned 0x3 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.356] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe301ff4) returned 0x0 [0165.356] IMarshal:GetUnmarshalClass (in: This=0xe301ff4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.357] IUnknown:Release (This=0xe301ff4) returned 0x3 [0165.357] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.357] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.357] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.357] IUnknown:Release (This=0xe301ff0) returned 0x2 [0165.357] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.357] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.357] IUnknown:QueryInterface (in: This=0xe301ff0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe301ff0) returned 0x0 [0165.357] IUnknown:AddRef (This=0xe301ff0) returned 0x4 [0165.357] IUnknown:Release (This=0xe301ff0) returned 0x3 [0165.357] IUnknown:Release (This=0xe301ff0) returned 0x2 [0165.358] CoTaskMemFree (pv=0xc164b8) [0165.358] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.358] IUnknown:AddRef (This=0xe301ff0) returned 0x3 [0165.358] IWbemClassObject:Get (in: This=0xe301ff0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.358] IWbemClassObject:Get (in: This=0xe301ff0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.359] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"") returned 0x58 [0165.359] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"") returned 0x58 [0165.359] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.359] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.359] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.359] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.360] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16458) returned 0x0 [0165.361] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16458, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.361] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16458, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306a10) returned 0x0 [0165.361] WbemDefPath:IUnknown:Release (This=0xc16458) returned 0x0 [0165.361] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306a10) returned 0x0 [0165.361] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.361] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.361] WbemDefPath:IUnknown:AddRef (This=0xe306a10) returned 0x3 [0165.361] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.361] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.362] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3051f8) returned 0x0 [0165.362] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3051f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.362] WbemDefPath:IUnknown:Release (This=0xe3051f8) returned 0x3 [0165.362] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.362] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.362] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.362] WbemDefPath:IUnknown:Release (This=0xe306a10) returned 0x2 [0165.362] WbemDefPath:IUnknown:Release (This=0xe306a10) returned 0x1 [0165.363] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.363] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.363] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a10, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306a10) returned 0x0 [0165.363] WbemDefPath:IUnknown:AddRef (This=0xe306a10) returned 0x3 [0165.363] WbemDefPath:IUnknown:Release (This=0xe306a10) returned 0x2 [0165.363] WbemDefPath:IWbemPath:SetText (This=0xe306a10, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"") returned 0x0 [0165.363] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.363] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.363] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.364] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.364] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.364] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.364] IWbemClassObject:Get (in: This=0xe301ff0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beea58*=0, plFlavor=0x6beea5c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x6beea58*=8, plFlavor=0x6beea5c*=0) returned 0x0 [0165.364] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0165.364] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0165.364] IWbemClassObject:Get (in: This=0xe301ff0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beea58*=8, plFlavor=0x6beea5c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x6beea58*=8, plFlavor=0x6beea5c*=0) returned 0x0 [0165.364] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0165.365] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0165.365] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0165.365] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xe3010d0, puReturned=0x6be9388*=0x1) returned 0x0 [0165.369] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe3010d0) returned 0x0 [0165.370] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0165.370] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0165.370] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0165.370] IUnknown:AddRef (This=0xe3010d0) returned 0x3 [0165.370] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0165.370] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0165.370] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe3010d4) returned 0x0 [0165.370] IMarshal:GetUnmarshalClass (in: This=0xe3010d4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0165.370] IUnknown:Release (This=0xe3010d4) returned 0x3 [0165.370] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0165.371] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0165.371] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0165.371] IUnknown:Release (This=0xe3010d0) returned 0x2 [0165.371] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0165.371] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0165.371] IUnknown:QueryInterface (in: This=0xe3010d0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe3010d0) returned 0x0 [0165.371] IUnknown:AddRef (This=0xe3010d0) returned 0x4 [0165.371] IUnknown:Release (This=0xe3010d0) returned 0x3 [0165.371] IUnknown:Release (This=0xe3010d0) returned 0x2 [0165.371] CoTaskMemFree (pv=0xc164f8) [0165.372] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0165.372] IUnknown:AddRef (This=0xe3010d0) returned 0x3 [0165.372] IWbemClassObject:Get (in: This=0xe3010d0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0165.372] IWbemClassObject:Get (in: This=0xe3010d0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0165.372] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x5e [0165.372] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x5e [0165.372] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0165.372] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0165.373] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0165.373] IUnknown:Release (This=0xb71a3c) returned 0x1 [0165.374] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16428) returned 0x0 [0165.374] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0165.374] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16428, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306230) returned 0x0 [0165.374] WbemDefPath:IUnknown:Release (This=0xc16428) returned 0x0 [0165.374] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306230) returned 0x0 [0165.375] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0165.375] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0165.375] WbemDefPath:IUnknown:AddRef (This=0xe306230) returned 0x3 [0165.375] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0165.375] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0165.375] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305498) returned 0x0 [0165.375] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305498, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.375] WbemDefPath:IUnknown:Release (This=0xe305498) returned 0x3 [0165.375] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0165.376] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0165.376] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0165.376] WbemDefPath:IUnknown:Release (This=0xe306230) returned 0x2 [0165.376] WbemDefPath:IUnknown:Release (This=0xe306230) returned 0x1 [0165.376] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0165.376] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0165.376] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306230, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306230) returned 0x0 [0165.376] WbemDefPath:IUnknown:AddRef (This=0xe306230) returned 0x3 [0165.376] WbemDefPath:IUnknown:Release (This=0xe306230) returned 0x2 [0165.376] WbemDefPath:IWbemPath:SetText (This=0xe306230, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x0 [0165.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0165.376] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0165.377] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.377] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0165.377] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0165.377] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.377] IWbemClassObject:Get (in: This=0xe3010d0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bef308*=0, plFlavor=0x6bef30c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ApplicationFrameHost.exe", varVal2=0x0), pType=0x6bef308*=8, plFlavor=0x6bef30c*=0) returned 0x0 [0165.377] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0165.377] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0165.377] IWbemClassObject:Get (in: This=0xe3010d0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bef308*=8, plFlavor=0x6bef30c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ApplicationFrameHost.exe", varVal2=0x0), pType=0x6bef308*=8, plFlavor=0x6bef30c*=0) returned 0x0 [0165.377] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0165.377] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0165.378] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0165.378] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe3075b0, puReturned=0x6be9388*=0x1) returned 0x0 [0166.494] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe3075b0) returned 0x0 [0166.494] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.494] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.494] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.495] IUnknown:AddRef (This=0xe3075b0) returned 0x3 [0166.495] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.495] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.495] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe3075b4) returned 0x0 [0166.495] IMarshal:GetUnmarshalClass (in: This=0xe3075b4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.495] IUnknown:Release (This=0xe3075b4) returned 0x3 [0166.495] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.495] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.495] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.496] IUnknown:Release (This=0xe3075b0) returned 0x2 [0166.496] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.496] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.496] IUnknown:QueryInterface (in: This=0xe3075b0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe3075b0) returned 0x0 [0166.496] IUnknown:AddRef (This=0xe3075b0) returned 0x4 [0166.496] IUnknown:Release (This=0xe3075b0) returned 0x3 [0166.496] IUnknown:Release (This=0xe3075b0) returned 0x2 [0166.496] CoTaskMemFree (pv=0xc163b8) [0166.496] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.496] IUnknown:AddRef (This=0xe3075b0) returned 0x3 [0166.496] IWbemClassObject:Get (in: This=0xe3075b0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.497] IWbemClassObject:Get (in: This=0xe3075b0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.497] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"") returned 0x5e [0166.497] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"") returned 0x5e [0166.497] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.497] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.497] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.497] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.499] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0166.499] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.499] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306930) returned 0x0 [0166.499] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0166.499] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306930) returned 0x0 [0166.499] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.499] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.500] WbemDefPath:IUnknown:AddRef (This=0xe306930) returned 0x3 [0166.500] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.500] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.500] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305768) returned 0x0 [0166.500] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305768, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.500] WbemDefPath:IUnknown:Release (This=0xe305768) returned 0x3 [0166.500] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.501] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.501] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.501] WbemDefPath:IUnknown:Release (This=0xe306930) returned 0x2 [0166.501] WbemDefPath:IUnknown:Release (This=0xe306930) returned 0x1 [0166.501] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.501] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.501] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306930, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306930) returned 0x0 [0166.501] WbemDefPath:IUnknown:AddRef (This=0xe306930) returned 0x3 [0166.501] WbemDefPath:IUnknown:Release (This=0xe306930) returned 0x2 [0166.501] WbemDefPath:IWbemPath:SetText (This=0xe306930, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"") returned 0x0 [0166.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.502] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.502] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.502] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.502] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.502] IWbemClassObject:Get (in: This=0xe3075b0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6befbf0*=0, plFlavor=0x6befbf4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemSettings.exe", varVal2=0x0), pType=0x6befbf0*=8, plFlavor=0x6befbf4*=0) returned 0x0 [0166.502] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0166.502] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0166.503] IWbemClassObject:Get (in: This=0xe3075b0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6befbf0*=8, plFlavor=0x6befbf4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemSettings.exe", varVal2=0x0), pType=0x6befbf0*=8, plFlavor=0x6befbf4*=0) returned 0x0 [0166.503] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0166.503] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0166.503] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0166.503] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe307a10, puReturned=0x6be9388*=0x1) returned 0x0 [0166.505] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe307a10) returned 0x0 [0166.505] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.506] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.506] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.506] IUnknown:AddRef (This=0xe307a10) returned 0x3 [0166.506] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.506] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.506] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe307a14) returned 0x0 [0166.507] IMarshal:GetUnmarshalClass (in: This=0xe307a14, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.507] IUnknown:Release (This=0xe307a14) returned 0x3 [0166.507] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.507] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.507] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.507] IUnknown:Release (This=0xe307a10) returned 0x2 [0166.507] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.507] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.507] IUnknown:QueryInterface (in: This=0xe307a10, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe307a10) returned 0x0 [0166.507] IUnknown:AddRef (This=0xe307a10) returned 0x4 [0166.507] IUnknown:Release (This=0xe307a10) returned 0x3 [0166.508] IUnknown:Release (This=0xe307a10) returned 0x2 [0166.508] CoTaskMemFree (pv=0xc163b8) [0166.508] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.508] IUnknown:AddRef (This=0xe307a10) returned 0x3 [0166.508] IWbemClassObject:Get (in: This=0xe307a10, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.508] IWbemClassObject:Get (in: This=0xe307a10, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.508] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x5e [0166.508] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x5e [0166.508] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.509] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.509] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.509] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.510] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16518) returned 0x0 [0166.511] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.511] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306b60) returned 0x0 [0166.511] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0166.511] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306b60) returned 0x0 [0166.511] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.511] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.512] WbemDefPath:IUnknown:AddRef (This=0xe306b60) returned 0x3 [0166.512] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.512] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.512] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305810) returned 0x0 [0166.512] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305810, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.512] WbemDefPath:IUnknown:Release (This=0xe305810) returned 0x3 [0166.512] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.512] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.512] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.512] WbemDefPath:IUnknown:Release (This=0xe306b60) returned 0x2 [0166.512] WbemDefPath:IUnknown:Release (This=0xe306b60) returned 0x1 [0166.513] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.513] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.513] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306b60, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306b60) returned 0x0 [0166.513] WbemDefPath:IUnknown:AddRef (This=0xe306b60) returned 0x3 [0166.513] WbemDefPath:IUnknown:Release (This=0xe306b60) returned 0x2 [0166.513] WbemDefPath:IWbemPath:SetText (This=0xe306b60, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x0 [0166.513] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.513] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.513] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.513] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.513] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.513] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.513] IWbemClassObject:Get (in: This=0xe307a10, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf04c0*=0, plFlavor=0x6bf04c4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x6bf04c0*=8, plFlavor=0x6bf04c4*=0) returned 0x0 [0166.513] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0166.514] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0166.514] IWbemClassObject:Get (in: This=0xe307a10, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf04c0*=8, plFlavor=0x6bf04c4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x6bf04c0*=8, plFlavor=0x6bf04c4*=0) returned 0x0 [0166.514] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0166.514] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0166.514] CoTaskMemAlloc (cb=0x4) returned 0xc16448 [0166.514] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16448, puReturned=0x6be9388 | out: apObjects=0xc16448*=0xe307ba8, puReturned=0x6be9388*=0x1) returned 0x0 [0166.516] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe307ba8) returned 0x0 [0166.516] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.516] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.516] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.516] IUnknown:AddRef (This=0xe307ba8) returned 0x3 [0166.516] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.516] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.517] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe307bac) returned 0x0 [0166.517] IMarshal:GetUnmarshalClass (in: This=0xe307bac, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.517] IUnknown:Release (This=0xe307bac) returned 0x3 [0166.517] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.517] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.517] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.518] IUnknown:Release (This=0xe307ba8) returned 0x2 [0166.518] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.518] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.518] IUnknown:QueryInterface (in: This=0xe307ba8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe307ba8) returned 0x0 [0166.518] IUnknown:AddRef (This=0xe307ba8) returned 0x4 [0166.518] IUnknown:Release (This=0xe307ba8) returned 0x3 [0166.518] IUnknown:Release (This=0xe307ba8) returned 0x2 [0166.518] CoTaskMemFree (pv=0xc16448) [0166.518] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.518] IUnknown:AddRef (This=0xe307ba8) returned 0x3 [0166.518] IWbemClassObject:Get (in: This=0xe307ba8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.519] IWbemClassObject:Get (in: This=0xe307ba8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.519] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"") returned 0x5e [0166.519] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"") returned 0x5e [0166.519] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.520] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.520] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.520] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.522] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16548) returned 0x0 [0166.568] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16548, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.568] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16548, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3068c0) returned 0x0 [0166.568] WbemDefPath:IUnknown:Release (This=0xc16548) returned 0x0 [0166.568] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3068c0) returned 0x0 [0166.569] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.569] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.569] WbemDefPath:IUnknown:AddRef (This=0xe3068c0) returned 0x3 [0166.569] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.569] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.569] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305870) returned 0x0 [0166.570] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305870, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.570] WbemDefPath:IUnknown:Release (This=0xe305870) returned 0x3 [0166.570] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.570] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.570] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.570] WbemDefPath:IUnknown:Release (This=0xe3068c0) returned 0x2 [0166.570] WbemDefPath:IUnknown:Release (This=0xe3068c0) returned 0x1 [0166.570] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.570] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.571] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3068c0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3068c0) returned 0x0 [0166.571] WbemDefPath:IUnknown:AddRef (This=0xe3068c0) returned 0x3 [0166.571] WbemDefPath:IUnknown:Release (This=0xe3068c0) returned 0x2 [0166.571] WbemDefPath:IWbemPath:SetText (This=0xe3068c0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"") returned 0x0 [0166.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.571] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.571] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.571] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.571] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.571] IWbemClassObject:Get (in: This=0xe307ba8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf0d78*=0, plFlavor=0x6bf0d7c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="face.exe", varVal2=0x0), pType=0x6bf0d78*=8, plFlavor=0x6bf0d7c*=0) returned 0x0 [0166.571] SysStringByteLen (bstr="face.exe") returned 0x10 [0166.572] SysStringByteLen (bstr="face.exe") returned 0x10 [0166.572] IWbemClassObject:Get (in: This=0xe307ba8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf0d78*=8, plFlavor=0x6bf0d7c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="face.exe", varVal2=0x0), pType=0x6bf0d78*=8, plFlavor=0x6bf0d7c*=0) returned 0x0 [0166.572] SysStringByteLen (bstr="face.exe") returned 0x10 [0166.572] SysStringByteLen (bstr="face.exe") returned 0x10 [0166.572] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0166.572] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xc225e0, puReturned=0x6be9388*=0x1) returned 0x0 [0166.574] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xc225e0) returned 0x0 [0166.574] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.574] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.574] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.575] IUnknown:AddRef (This=0xc225e0) returned 0x3 [0166.575] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.575] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.575] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xc225e4) returned 0x0 [0166.575] IMarshal:GetUnmarshalClass (in: This=0xc225e4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.575] IUnknown:Release (This=0xc225e4) returned 0x3 [0166.575] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.575] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.575] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.576] IUnknown:Release (This=0xc225e0) returned 0x2 [0166.576] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.576] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.576] IUnknown:QueryInterface (in: This=0xc225e0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xc225e0) returned 0x0 [0166.576] IUnknown:AddRef (This=0xc225e0) returned 0x4 [0166.576] IUnknown:Release (This=0xc225e0) returned 0x3 [0166.576] IUnknown:Release (This=0xc225e0) returned 0x2 [0166.576] CoTaskMemFree (pv=0xc16418) [0166.576] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.576] IUnknown:AddRef (This=0xc225e0) returned 0x3 [0166.576] IWbemClassObject:Get (in: This=0xc225e0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.576] IWbemClassObject:Get (in: This=0xc225e0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.577] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"") returned 0x5e [0166.577] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"") returned 0x5e [0166.577] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.577] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.577] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.577] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.579] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16488) returned 0x0 [0166.579] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16488, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.579] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16488, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3064d0) returned 0x0 [0166.579] WbemDefPath:IUnknown:Release (This=0xc16488) returned 0x0 [0166.579] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3064d0) returned 0x0 [0166.580] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.580] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.580] WbemDefPath:IUnknown:AddRef (This=0xe3064d0) returned 0x3 [0166.580] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.580] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.581] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305a50) returned 0x0 [0166.581] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305a50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.581] WbemDefPath:IUnknown:Release (This=0xe305a50) returned 0x3 [0166.581] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.581] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.581] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.582] WbemDefPath:IUnknown:Release (This=0xe3064d0) returned 0x2 [0166.582] WbemDefPath:IUnknown:Release (This=0xe3064d0) returned 0x1 [0166.582] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.582] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.582] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3064d0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3064d0) returned 0x0 [0166.582] WbemDefPath:IUnknown:AddRef (This=0xe3064d0) returned 0x3 [0166.583] WbemDefPath:IUnknown:Release (This=0xe3064d0) returned 0x2 [0166.583] WbemDefPath:IWbemPath:SetText (This=0xe3064d0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"") returned 0x0 [0166.583] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.583] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.583] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.583] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.583] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.583] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.583] IWbemClassObject:Get (in: This=0xc225e0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf1620*=0, plFlavor=0x6bf1624*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="relationship short town.exe", varVal2=0x0), pType=0x6bf1620*=8, plFlavor=0x6bf1624*=0) returned 0x0 [0166.584] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0166.584] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0166.584] IWbemClassObject:Get (in: This=0xc225e0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf1620*=8, plFlavor=0x6bf1624*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="relationship short town.exe", varVal2=0x0), pType=0x6bf1620*=8, plFlavor=0x6bf1624*=0) returned 0x0 [0166.584] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0166.584] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0166.584] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0166.585] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xbfc680, puReturned=0x6be9388*=0x1) returned 0x0 [0166.586] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xbfc680) returned 0x0 [0166.586] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.586] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.586] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.587] IUnknown:AddRef (This=0xbfc680) returned 0x3 [0166.587] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.587] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.587] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xbfc684) returned 0x0 [0166.587] IMarshal:GetUnmarshalClass (in: This=0xbfc684, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.587] IUnknown:Release (This=0xbfc684) returned 0x3 [0166.587] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.588] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.588] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.588] IUnknown:Release (This=0xbfc680) returned 0x2 [0166.588] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.588] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.588] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xbfc680) returned 0x0 [0166.588] IUnknown:AddRef (This=0xbfc680) returned 0x4 [0166.589] IUnknown:Release (This=0xbfc680) returned 0x3 [0166.589] IUnknown:Release (This=0xbfc680) returned 0x2 [0166.589] CoTaskMemFree (pv=0xc164b8) [0166.589] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.589] IUnknown:AddRef (This=0xbfc680) returned 0x3 [0166.589] IWbemClassObject:Get (in: This=0xbfc680, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.589] IWbemClassObject:Get (in: This=0xbfc680, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.589] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"") returned 0x5e [0166.590] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"") returned 0x5e [0166.590] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.590] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.590] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.590] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.592] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164f8) returned 0x0 [0166.592] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.592] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3061c0) returned 0x0 [0166.592] WbemDefPath:IUnknown:Release (This=0xc164f8) returned 0x0 [0166.592] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3061c0) returned 0x0 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:AddRef (This=0xe3061c0) returned 0x3 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.594] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305bb8) returned 0x0 [0166.594] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305bb8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.594] WbemDefPath:IUnknown:Release (This=0xe305bb8) returned 0x3 [0166.594] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.594] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.594] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.595] WbemDefPath:IUnknown:Release (This=0xe3061c0) returned 0x2 [0166.595] WbemDefPath:IUnknown:Release (This=0xe3061c0) returned 0x1 [0166.595] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.595] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.595] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3061c0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3061c0) returned 0x0 [0166.595] WbemDefPath:IUnknown:AddRef (This=0xe3061c0) returned 0x3 [0166.595] WbemDefPath:IUnknown:Release (This=0xe3061c0) returned 0x2 [0166.595] WbemDefPath:IWbemPath:SetText (This=0xe3061c0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"") returned 0x0 [0166.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.595] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.595] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.596] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.596] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.596] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.596] IWbemClassObject:Get (in: This=0xbfc680, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf1f10*=0, plFlavor=0x6bf1f14*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="appear.exe", varVal2=0x0), pType=0x6bf1f10*=8, plFlavor=0x6bf1f14*=0) returned 0x0 [0166.596] SysStringByteLen (bstr="appear.exe") returned 0x14 [0166.596] SysStringByteLen (bstr="appear.exe") returned 0x14 [0166.596] IWbemClassObject:Get (in: This=0xbfc680, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf1f10*=8, plFlavor=0x6bf1f14*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="appear.exe", varVal2=0x0), pType=0x6bf1f10*=8, plFlavor=0x6bf1f14*=0) returned 0x0 [0166.597] SysStringByteLen (bstr="appear.exe") returned 0x14 [0166.597] SysStringByteLen (bstr="appear.exe") returned 0x14 [0166.597] CoTaskMemAlloc (cb=0x4) returned 0xc164c8 [0166.646] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164c8, puReturned=0x6be9388 | out: apObjects=0xc164c8*=0xbfc818, puReturned=0x6be9388*=0x1) returned 0x0 [0166.647] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xbfc818) returned 0x0 [0166.647] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.647] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.647] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.648] IUnknown:AddRef (This=0xbfc818) returned 0x3 [0166.648] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.648] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.648] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xbfc81c) returned 0x0 [0166.649] IMarshal:GetUnmarshalClass (in: This=0xbfc81c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.649] IUnknown:Release (This=0xbfc81c) returned 0x3 [0166.649] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.649] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.649] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.649] IUnknown:Release (This=0xbfc818) returned 0x2 [0166.649] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.649] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.650] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xbfc818) returned 0x0 [0166.650] IUnknown:AddRef (This=0xbfc818) returned 0x4 [0166.650] IUnknown:Release (This=0xbfc818) returned 0x3 [0166.650] IUnknown:Release (This=0xbfc818) returned 0x2 [0166.650] CoTaskMemFree (pv=0xc164c8) [0166.650] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.650] IUnknown:AddRef (This=0xbfc818) returned 0x3 [0166.650] IWbemClassObject:Get (in: This=0xbfc818, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.652] IWbemClassObject:Get (in: This=0xbfc818, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.652] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"") returned 0x5e [0166.652] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"") returned 0x5e [0166.652] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.653] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.653] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.653] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.654] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163d8) returned 0x0 [0166.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.655] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3062a0) returned 0x0 [0166.655] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0166.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3062a0) returned 0x0 [0166.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.656] WbemDefPath:IUnknown:AddRef (This=0xe3062a0) returned 0x3 [0166.656] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.656] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.656] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe305c60) returned 0x0 [0166.657] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305c60, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.657] WbemDefPath:IUnknown:Release (This=0xe305c60) returned 0x3 [0166.657] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.657] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.657] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.657] WbemDefPath:IUnknown:Release (This=0xe3062a0) returned 0x2 [0166.657] WbemDefPath:IUnknown:Release (This=0xe3062a0) returned 0x1 [0166.658] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.658] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.658] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3062a0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3062a0) returned 0x0 [0166.658] WbemDefPath:IUnknown:AddRef (This=0xe3062a0) returned 0x3 [0166.658] WbemDefPath:IUnknown:Release (This=0xe3062a0) returned 0x2 [0166.658] WbemDefPath:IWbemPath:SetText (This=0xe3062a0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"") returned 0x0 [0166.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.659] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.659] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.660] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.660] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.660] IWbemClassObject:Get (in: This=0xbfc818, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf27c0*=0, plFlavor=0x6bf27c4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="controlmachine.exe", varVal2=0x0), pType=0x6bf27c0*=8, plFlavor=0x6bf27c4*=0) returned 0x0 [0166.660] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0166.660] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0166.661] IWbemClassObject:Get (in: This=0xbfc818, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf27c0*=8, plFlavor=0x6bf27c4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="controlmachine.exe", varVal2=0x0), pType=0x6bf27c0*=8, plFlavor=0x6bf27c4*=0) returned 0x0 [0166.661] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0166.661] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0166.661] CoTaskMemAlloc (cb=0x4) returned 0xc16568 [0166.661] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16568, puReturned=0x6be9388 | out: apObjects=0xc16568*=0xbfcb48, puReturned=0x6be9388*=0x1) returned 0x0 [0166.662] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xbfcb48) returned 0x0 [0166.662] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.663] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.663] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.663] IUnknown:AddRef (This=0xbfcb48) returned 0x3 [0166.663] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.663] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.663] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xbfcb4c) returned 0x0 [0166.663] IMarshal:GetUnmarshalClass (in: This=0xbfcb4c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.664] IUnknown:Release (This=0xbfcb4c) returned 0x3 [0166.664] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.664] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.664] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.664] IUnknown:Release (This=0xbfcb48) returned 0x2 [0166.664] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.664] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.664] IUnknown:QueryInterface (in: This=0xbfcb48, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xbfcb48) returned 0x0 [0166.664] IUnknown:AddRef (This=0xbfcb48) returned 0x4 [0166.664] IUnknown:Release (This=0xbfcb48) returned 0x3 [0166.665] IUnknown:Release (This=0xbfcb48) returned 0x2 [0166.665] CoTaskMemFree (pv=0xc16568) [0166.665] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.665] IUnknown:AddRef (This=0xbfcb48) returned 0x3 [0166.665] IWbemClassObject:Get (in: This=0xbfcb48, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.665] IWbemClassObject:Get (in: This=0xbfcb48, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.665] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x5e [0166.666] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x5e [0166.666] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.666] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.666] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.666] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.668] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164b8) returned 0x0 [0166.668] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.668] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3069a0) returned 0x0 [0166.668] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0166.668] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3069a0) returned 0x0 [0166.669] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.669] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.669] WbemDefPath:IUnknown:AddRef (This=0xe3069a0) returned 0x3 [0166.669] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.669] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.669] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3095a0) returned 0x0 [0166.669] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3095a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.670] WbemDefPath:IUnknown:Release (This=0xe3095a0) returned 0x3 [0166.670] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.670] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.670] WbemDefPath:IUnknown:Release (This=0xe3069a0) returned 0x2 [0166.670] WbemDefPath:IUnknown:Release (This=0xe3069a0) returned 0x1 [0166.670] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.670] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3069a0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3069a0) returned 0x0 [0166.670] WbemDefPath:IUnknown:AddRef (This=0xe3069a0) returned 0x3 [0166.671] WbemDefPath:IUnknown:Release (This=0xe3069a0) returned 0x2 [0166.671] WbemDefPath:IWbemPath:SetText (This=0xe3069a0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x0 [0166.671] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.671] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.671] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.671] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.671] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.671] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.671] IWbemClassObject:Get (in: This=0xbfcb48, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3090*=0, plFlavor=0x6bf3094*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central.exe", varVal2=0x0), pType=0x6bf3090*=8, plFlavor=0x6bf3094*=0) returned 0x0 [0166.671] SysStringByteLen (bstr="central.exe") returned 0x16 [0166.671] SysStringByteLen (bstr="central.exe") returned 0x16 [0166.672] IWbemClassObject:Get (in: This=0xbfcb48, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3090*=8, plFlavor=0x6bf3094*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central.exe", varVal2=0x0), pType=0x6bf3090*=8, plFlavor=0x6bf3094*=0) returned 0x0 [0166.672] SysStringByteLen (bstr="central.exe") returned 0x16 [0166.672] SysStringByteLen (bstr="central.exe") returned 0x16 [0166.672] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0166.672] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xbfc350, puReturned=0x6be9388*=0x1) returned 0x0 [0166.674] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xbfc350) returned 0x0 [0166.675] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.675] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.675] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.676] IUnknown:AddRef (This=0xbfc350) returned 0x3 [0166.676] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.676] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.676] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xbfc354) returned 0x0 [0166.676] IMarshal:GetUnmarshalClass (in: This=0xbfc354, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.676] IUnknown:Release (This=0xbfc354) returned 0x3 [0166.676] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.676] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.676] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.677] IUnknown:Release (This=0xbfc350) returned 0x2 [0166.677] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.677] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.677] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xbfc350) returned 0x0 [0166.677] IUnknown:AddRef (This=0xbfc350) returned 0x4 [0166.677] IUnknown:Release (This=0xbfc350) returned 0x3 [0166.677] IUnknown:Release (This=0xbfc350) returned 0x2 [0166.677] CoTaskMemFree (pv=0xc16418) [0166.677] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.677] IUnknown:AddRef (This=0xbfc350) returned 0x3 [0166.678] IWbemClassObject:Get (in: This=0xbfc350, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.678] IWbemClassObject:Get (in: This=0xbfc350, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.678] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"") returned 0x5e [0166.678] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"") returned 0x5e [0166.678] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.678] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.678] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.679] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.680] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163f8) returned 0x0 [0166.680] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.681] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3063f0) returned 0x0 [0166.681] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0166.681] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3063f0) returned 0x0 [0166.681] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.681] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.682] WbemDefPath:IUnknown:AddRef (This=0xe3063f0) returned 0x3 [0166.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe309810) returned 0x0 [0166.682] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe309810, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.682] WbemDefPath:IUnknown:Release (This=0xe309810) returned 0x3 [0166.682] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.682] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.683] WbemDefPath:IUnknown:Release (This=0xe3063f0) returned 0x2 [0166.683] WbemDefPath:IUnknown:Release (This=0xe3063f0) returned 0x1 [0166.683] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.683] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.683] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3063f0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3063f0) returned 0x0 [0166.683] WbemDefPath:IUnknown:AddRef (This=0xe3063f0) returned 0x3 [0166.683] WbemDefPath:IUnknown:Release (This=0xe3063f0) returned 0x2 [0166.683] WbemDefPath:IWbemPath:SetText (This=0xe3063f0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"") returned 0x0 [0166.684] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.684] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.684] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.684] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.684] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.684] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.684] IWbemClassObject:Get (in: This=0xbfc350, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3940*=0, plFlavor=0x6bf3944*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="oh-article.exe", varVal2=0x0), pType=0x6bf3940*=8, plFlavor=0x6bf3944*=0) returned 0x0 [0166.684] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0166.685] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0166.685] IWbemClassObject:Get (in: This=0xbfc350, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3940*=8, plFlavor=0x6bf3944*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="oh-article.exe", varVal2=0x0), pType=0x6bf3940*=8, plFlavor=0x6bf3944*=0) returned 0x0 [0166.685] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0166.685] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0166.685] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0166.685] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xbfc4e8, puReturned=0x6be9388*=0x1) returned 0x0 [0166.726] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xbfc4e8) returned 0x0 [0166.726] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.726] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.726] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.727] IUnknown:AddRef (This=0xbfc4e8) returned 0x3 [0166.727] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.727] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.727] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xbfc4ec) returned 0x0 [0166.727] IMarshal:GetUnmarshalClass (in: This=0xbfc4ec, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.727] IUnknown:Release (This=0xbfc4ec) returned 0x3 [0166.727] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.727] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.727] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.728] IUnknown:Release (This=0xbfc4e8) returned 0x2 [0166.728] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.728] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.728] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xbfc4e8) returned 0x0 [0166.728] IUnknown:AddRef (This=0xbfc4e8) returned 0x4 [0166.728] IUnknown:Release (This=0xbfc4e8) returned 0x3 [0166.728] IUnknown:Release (This=0xbfc4e8) returned 0x2 [0166.728] CoTaskMemFree (pv=0xc164b8) [0166.728] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.728] IUnknown:AddRef (This=0xbfc4e8) returned 0x3 [0166.728] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.729] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.729] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"") returned 0x5e [0166.729] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"") returned 0x5e [0166.729] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.729] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.729] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.729] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.731] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16528) returned 0x0 [0166.731] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16528, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.731] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16528, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306a80) returned 0x0 [0166.731] WbemDefPath:IUnknown:Release (This=0xc16528) returned 0x0 [0166.731] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306a80) returned 0x0 [0166.731] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.732] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.732] WbemDefPath:IUnknown:AddRef (This=0xe306a80) returned 0x3 [0166.732] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.732] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.732] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe308a00) returned 0x0 [0166.732] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308a00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.732] WbemDefPath:IUnknown:Release (This=0xe308a00) returned 0x3 [0166.732] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.733] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.733] WbemDefPath:IUnknown:Release (This=0xe306a80) returned 0x2 [0166.733] WbemDefPath:IUnknown:Release (This=0xe306a80) returned 0x1 [0166.733] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.733] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306a80, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306a80) returned 0x0 [0166.734] WbemDefPath:IUnknown:AddRef (This=0xe306a80) returned 0x3 [0166.734] WbemDefPath:IUnknown:Release (This=0xe306a80) returned 0x2 [0166.734] WbemDefPath:IWbemPath:SetText (This=0xe306a80, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"") returned 0x0 [0166.734] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.734] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.734] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.734] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.734] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.734] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.735] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf4200*=0, plFlavor=0x6bf4204*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="returnrecent.exe", varVal2=0x0), pType=0x6bf4200*=8, plFlavor=0x6bf4204*=0) returned 0x0 [0166.735] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0166.735] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0166.735] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf4200*=8, plFlavor=0x6bf4204*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="returnrecent.exe", varVal2=0x0), pType=0x6bf4200*=8, plFlavor=0x6bf4204*=0) returned 0x0 [0166.735] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0166.735] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0166.735] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0166.736] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6be9388 | out: apObjects=0xc163d8*=0xe30c208, puReturned=0x6be9388*=0x1) returned 0x0 [0166.737] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30c208) returned 0x0 [0166.738] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.738] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.738] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.739] IUnknown:AddRef (This=0xe30c208) returned 0x3 [0166.739] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.739] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.739] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30c20c) returned 0x0 [0166.739] IMarshal:GetUnmarshalClass (in: This=0xe30c20c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.739] IUnknown:Release (This=0xe30c20c) returned 0x3 [0166.740] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.740] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.740] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.740] IUnknown:Release (This=0xe30c208) returned 0x2 [0166.740] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.740] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.740] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30c208) returned 0x0 [0166.740] IUnknown:AddRef (This=0xe30c208) returned 0x4 [0166.740] IUnknown:Release (This=0xe30c208) returned 0x3 [0166.740] IUnknown:Release (This=0xe30c208) returned 0x2 [0166.740] CoTaskMemFree (pv=0xc163d8) [0166.741] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.741] IUnknown:AddRef (This=0xe30c208) returned 0x3 [0166.741] IWbemClassObject:Get (in: This=0xe30c208, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.741] IWbemClassObject:Get (in: This=0xe30c208, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.741] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"") returned 0x5e [0166.741] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"") returned 0x5e [0166.741] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.742] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.742] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.742] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.743] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163d8) returned 0x0 [0166.743] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.743] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306310) returned 0x0 [0166.744] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0166.744] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306310) returned 0x0 [0166.744] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.744] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.744] WbemDefPath:IUnknown:AddRef (This=0xe306310) returned 0x3 [0166.744] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.745] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.745] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe308aa8) returned 0x0 [0166.745] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308aa8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.745] WbemDefPath:IUnknown:Release (This=0xe308aa8) returned 0x3 [0166.745] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.745] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.745] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.745] WbemDefPath:IUnknown:Release (This=0xe306310) returned 0x2 [0166.745] WbemDefPath:IUnknown:Release (This=0xe306310) returned 0x1 [0166.745] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.745] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.746] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306310, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306310) returned 0x0 [0166.746] WbemDefPath:IUnknown:AddRef (This=0xe306310) returned 0x3 [0166.746] WbemDefPath:IUnknown:Release (This=0xe306310) returned 0x2 [0166.746] WbemDefPath:IWbemPath:SetText (This=0xe306310, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"") returned 0x0 [0166.746] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.746] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.747] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.747] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.747] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.747] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.747] IWbemClassObject:Get (in: This=0xe30c208, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf4ac8*=0, plFlavor=0x6bf4acc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="forget dinner local.exe", varVal2=0x0), pType=0x6bf4ac8*=8, plFlavor=0x6bf4acc*=0) returned 0x0 [0166.747] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0166.747] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0166.748] IWbemClassObject:Get (in: This=0xe30c208, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf4ac8*=8, plFlavor=0x6bf4acc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="forget dinner local.exe", varVal2=0x0), pType=0x6bf4ac8*=8, plFlavor=0x6bf4acc*=0) returned 0x0 [0166.748] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0166.748] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0166.748] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0166.748] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6be9388 | out: apObjects=0xc163d8*=0xe30ca00, puReturned=0x6be9388*=0x1) returned 0x0 [0166.750] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30ca00) returned 0x0 [0166.751] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.751] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.751] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.751] IUnknown:AddRef (This=0xe30ca00) returned 0x3 [0166.751] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.752] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.752] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30ca04) returned 0x0 [0166.752] IMarshal:GetUnmarshalClass (in: This=0xe30ca04, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.752] IUnknown:Release (This=0xe30ca04) returned 0x3 [0166.752] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.752] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.752] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.753] IUnknown:Release (This=0xe30ca00) returned 0x2 [0166.753] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.753] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.753] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30ca00) returned 0x0 [0166.753] IUnknown:AddRef (This=0xe30ca00) returned 0x4 [0166.753] IUnknown:Release (This=0xe30ca00) returned 0x3 [0166.754] IUnknown:Release (This=0xe30ca00) returned 0x2 [0166.754] CoTaskMemFree (pv=0xc163d8) [0166.754] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.754] IUnknown:AddRef (This=0xe30ca00) returned 0x3 [0166.754] IWbemClassObject:Get (in: This=0xe30ca00, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.755] IWbemClassObject:Get (in: This=0xe30ca00, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.755] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"") returned 0x5e [0166.755] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"") returned 0x5e [0166.755] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.755] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.755] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.755] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.757] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163d8) returned 0x0 [0166.757] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.757] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306000) returned 0x0 [0166.757] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0166.757] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306000) returned 0x0 [0166.757] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.758] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.758] WbemDefPath:IUnknown:AddRef (This=0xe306000) returned 0x3 [0166.758] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.758] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.758] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe308e38) returned 0x0 [0166.758] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308e38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.758] WbemDefPath:IUnknown:Release (This=0xe308e38) returned 0x3 [0166.759] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.759] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.759] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.759] WbemDefPath:IUnknown:Release (This=0xe306000) returned 0x2 [0166.759] WbemDefPath:IUnknown:Release (This=0xe306000) returned 0x1 [0166.759] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.759] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.759] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306000, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306000) returned 0x0 [0166.759] WbemDefPath:IUnknown:AddRef (This=0xe306000) returned 0x3 [0166.759] WbemDefPath:IUnknown:Release (This=0xe306000) returned 0x2 [0166.760] WbemDefPath:IWbemPath:SetText (This=0xe306000, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"") returned 0x0 [0166.760] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.760] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.760] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.760] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.760] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.760] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.760] IWbemClassObject:Get (in: This=0xe30ca00, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf53a8*=0, plFlavor=0x6bf53ac*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sure.exe", varVal2=0x0), pType=0x6bf53a8*=8, plFlavor=0x6bf53ac*=0) returned 0x0 [0166.760] SysStringByteLen (bstr="sure.exe") returned 0x10 [0166.760] SysStringByteLen (bstr="sure.exe") returned 0x10 [0166.761] IWbemClassObject:Get (in: This=0xe30ca00, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf53a8*=8, plFlavor=0x6bf53ac*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sure.exe", varVal2=0x0), pType=0x6bf53a8*=8, plFlavor=0x6bf53ac*=0) returned 0x0 [0166.761] SysStringByteLen (bstr="sure.exe") returned 0x10 [0166.761] SysStringByteLen (bstr="sure.exe") returned 0x10 [0166.761] CoTaskMemAlloc (cb=0x4) returned 0xc164c8 [0166.761] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164c8, puReturned=0x6be9388 | out: apObjects=0xc164c8*=0xe30d390, puReturned=0x6be9388*=0x1) returned 0x0 [0166.803] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d390) returned 0x0 [0166.803] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.803] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.803] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.804] IUnknown:AddRef (This=0xe30d390) returned 0x3 [0166.804] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.804] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.804] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d394) returned 0x0 [0166.804] IMarshal:GetUnmarshalClass (in: This=0xe30d394, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.804] IUnknown:Release (This=0xe30d394) returned 0x3 [0166.804] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.804] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.804] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.805] IUnknown:Release (This=0xe30d390) returned 0x2 [0166.805] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.805] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.805] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d390) returned 0x0 [0166.805] IUnknown:AddRef (This=0xe30d390) returned 0x4 [0166.805] IUnknown:Release (This=0xe30d390) returned 0x3 [0166.805] IUnknown:Release (This=0xe30d390) returned 0x2 [0166.805] CoTaskMemFree (pv=0xc164c8) [0166.805] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.806] IUnknown:AddRef (This=0xe30d390) returned 0x3 [0166.806] IWbemClassObject:Get (in: This=0xe30d390, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.806] IWbemClassObject:Get (in: This=0xe30d390, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.806] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"") returned 0x5e [0166.806] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"") returned 0x5e [0166.806] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.806] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.807] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.807] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.808] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16508) returned 0x0 [0166.808] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16508, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.809] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16508, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306540) returned 0x0 [0166.809] WbemDefPath:IUnknown:Release (This=0xc16508) returned 0x0 [0166.809] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306540) returned 0x0 [0166.809] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.809] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.810] WbemDefPath:IUnknown:AddRef (This=0xe306540) returned 0x3 [0166.810] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.810] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.810] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe308ee0) returned 0x0 [0166.810] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308ee0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.810] WbemDefPath:IUnknown:Release (This=0xe308ee0) returned 0x3 [0166.810] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.810] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.811] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.811] WbemDefPath:IUnknown:Release (This=0xe306540) returned 0x2 [0166.811] WbemDefPath:IUnknown:Release (This=0xe306540) returned 0x1 [0166.811] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.811] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.811] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306540, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306540) returned 0x0 [0166.811] WbemDefPath:IUnknown:AddRef (This=0xe306540) returned 0x3 [0166.811] WbemDefPath:IUnknown:Release (This=0xe306540) returned 0x2 [0166.811] WbemDefPath:IWbemPath:SetText (This=0xe306540, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"") returned 0x0 [0166.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.812] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.812] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.812] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.812] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.812] IWbemClassObject:Get (in: This=0xe30d390, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf5c50*=0, plFlavor=0x6bf5c54*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="indeed.exe", varVal2=0x0), pType=0x6bf5c50*=8, plFlavor=0x6bf5c54*=0) returned 0x0 [0166.812] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0166.812] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0166.813] IWbemClassObject:Get (in: This=0xe30d390, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf5c50*=8, plFlavor=0x6bf5c54*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="indeed.exe", varVal2=0x0), pType=0x6bf5c50*=8, plFlavor=0x6bf5c54*=0) returned 0x0 [0166.813] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0166.813] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0166.813] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0166.813] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6be9388 | out: apObjects=0xc16468*=0xe30c6d0, puReturned=0x6be9388*=0x1) returned 0x0 [0166.815] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30c6d0) returned 0x0 [0166.815] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.815] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.815] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.815] IUnknown:AddRef (This=0xe30c6d0) returned 0x3 [0166.816] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.816] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.833] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30c6d4) returned 0x0 [0166.833] IMarshal:GetUnmarshalClass (in: This=0xe30c6d4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.833] IUnknown:Release (This=0xe30c6d4) returned 0x3 [0166.833] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.834] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.834] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.834] IUnknown:Release (This=0xe30c6d0) returned 0x2 [0166.834] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.834] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.834] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30c6d0) returned 0x0 [0166.834] IUnknown:AddRef (This=0xe30c6d0) returned 0x4 [0166.834] IUnknown:Release (This=0xe30c6d0) returned 0x3 [0166.834] IUnknown:Release (This=0xe30c6d0) returned 0x2 [0166.835] CoTaskMemFree (pv=0xc16468) [0166.835] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.835] IUnknown:AddRef (This=0xe30c6d0) returned 0x3 [0166.835] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.835] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.835] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"") returned 0x5e [0166.835] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"") returned 0x5e [0166.835] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.836] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.836] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.836] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.838] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16418) returned 0x0 [0166.838] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.838] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16418, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306c40) returned 0x0 [0166.838] WbemDefPath:IUnknown:Release (This=0xc16418) returned 0x0 [0166.838] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306c40) returned 0x0 [0166.838] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.839] WbemDefPath:IUnknown:AddRef (This=0xe306c40) returned 0x3 [0166.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3091c8) returned 0x0 [0166.839] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3091c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.839] WbemDefPath:IUnknown:Release (This=0xe3091c8) returned 0x3 [0166.839] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.840] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.840] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.840] WbemDefPath:IUnknown:Release (This=0xe306c40) returned 0x2 [0166.840] WbemDefPath:IUnknown:Release (This=0xe306c40) returned 0x1 [0166.840] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.840] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.840] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306c40, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306c40) returned 0x0 [0166.840] WbemDefPath:IUnknown:AddRef (This=0xe306c40) returned 0x3 [0166.840] WbemDefPath:IUnknown:Release (This=0xe306c40) returned 0x2 [0166.841] WbemDefPath:IWbemPath:SetText (This=0xe306c40, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"") returned 0x0 [0166.841] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.841] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.841] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf6500*=0, plFlavor=0x6bf6504*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lie.exe", varVal2=0x0), pType=0x6bf6500*=8, plFlavor=0x6bf6504*=0) returned 0x0 [0166.841] SysStringByteLen (bstr="lie.exe") returned 0xe [0166.842] SysStringByteLen (bstr="lie.exe") returned 0xe [0166.842] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf6500*=8, plFlavor=0x6bf6504*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lie.exe", varVal2=0x0), pType=0x6bf6500*=8, plFlavor=0x6bf6504*=0) returned 0x0 [0166.842] SysStringByteLen (bstr="lie.exe") returned 0xe [0166.842] SysStringByteLen (bstr="lie.exe") returned 0xe [0166.842] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0166.842] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe30bed8, puReturned=0x6be9388*=0x1) returned 0x0 [0166.844] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30bed8) returned 0x0 [0166.844] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.844] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.844] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.845] IUnknown:AddRef (This=0xe30bed8) returned 0x3 [0166.845] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.845] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.845] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30bedc) returned 0x0 [0166.845] IMarshal:GetUnmarshalClass (in: This=0xe30bedc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.845] IUnknown:Release (This=0xe30bedc) returned 0x3 [0166.845] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.846] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.846] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.846] IUnknown:Release (This=0xe30bed8) returned 0x2 [0166.846] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.846] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.846] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30bed8) returned 0x0 [0166.846] IUnknown:AddRef (This=0xe30bed8) returned 0x4 [0166.846] IUnknown:Release (This=0xe30bed8) returned 0x3 [0166.846] IUnknown:Release (This=0xe30bed8) returned 0x2 [0166.846] CoTaskMemFree (pv=0xc163b8) [0166.847] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.847] IUnknown:AddRef (This=0xe30bed8) returned 0x3 [0166.847] IWbemClassObject:Get (in: This=0xe30bed8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.848] IWbemClassObject:Get (in: This=0xe30bed8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.848] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"") returned 0x5e [0166.848] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"") returned 0x5e [0166.848] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.849] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.849] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.849] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.851] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0166.851] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.896] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306af0) returned 0x0 [0166.896] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0166.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306af0) returned 0x0 [0166.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.897] WbemDefPath:IUnknown:AddRef (This=0xe306af0) returned 0x3 [0166.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.898] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3090d8) returned 0x0 [0166.898] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3090d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.898] WbemDefPath:IUnknown:Release (This=0xe3090d8) returned 0x3 [0166.898] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.898] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.898] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.898] WbemDefPath:IUnknown:Release (This=0xe306af0) returned 0x2 [0166.898] WbemDefPath:IUnknown:Release (This=0xe306af0) returned 0x1 [0166.899] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.899] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.899] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306af0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306af0) returned 0x0 [0166.899] WbemDefPath:IUnknown:AddRef (This=0xe306af0) returned 0x3 [0166.899] WbemDefPath:IUnknown:Release (This=0xe306af0) returned 0x2 [0166.899] WbemDefPath:IWbemPath:SetText (This=0xe306af0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"") returned 0x0 [0166.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.900] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.900] IWbemClassObject:Get (in: This=0xe30bed8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf6da0*=0, plFlavor=0x6bf6da4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="decide.exe", varVal2=0x0), pType=0x6bf6da0*=8, plFlavor=0x6bf6da4*=0) returned 0x0 [0166.900] SysStringByteLen (bstr="decide.exe") returned 0x14 [0166.900] SysStringByteLen (bstr="decide.exe") returned 0x14 [0166.900] IWbemClassObject:Get (in: This=0xe30bed8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf6da0*=8, plFlavor=0x6bf6da4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="decide.exe", varVal2=0x0), pType=0x6bf6da0*=8, plFlavor=0x6bf6da4*=0) returned 0x0 [0166.900] SysStringByteLen (bstr="decide.exe") returned 0x14 [0166.900] SysStringByteLen (bstr="decide.exe") returned 0x14 [0166.900] CoTaskMemAlloc (cb=0x4) returned 0xc16508 [0166.901] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16508, puReturned=0x6be9388 | out: apObjects=0xc16508*=0xe30d528, puReturned=0x6be9388*=0x1) returned 0x0 [0166.902] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d528) returned 0x0 [0166.902] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.902] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.902] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.903] IUnknown:AddRef (This=0xe30d528) returned 0x3 [0166.903] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.904] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.904] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d52c) returned 0x0 [0166.904] IMarshal:GetUnmarshalClass (in: This=0xe30d52c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.904] IUnknown:Release (This=0xe30d52c) returned 0x3 [0166.904] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.904] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.904] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.905] IUnknown:Release (This=0xe30d528) returned 0x2 [0166.905] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.905] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.905] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d528) returned 0x0 [0166.905] IUnknown:AddRef (This=0xe30d528) returned 0x4 [0166.905] IUnknown:Release (This=0xe30d528) returned 0x3 [0166.905] IUnknown:Release (This=0xe30d528) returned 0x2 [0166.905] CoTaskMemFree (pv=0xc16508) [0166.905] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.905] IUnknown:AddRef (This=0xe30d528) returned 0x3 [0166.906] IWbemClassObject:Get (in: This=0xe30d528, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.906] IWbemClassObject:Get (in: This=0xe30d528, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.906] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"") returned 0x5e [0166.906] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"") returned 0x5e [0166.906] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.907] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.907] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.907] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.909] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16548) returned 0x0 [0166.909] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16548, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.909] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16548, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306bd0) returned 0x0 [0166.910] WbemDefPath:IUnknown:Release (This=0xc16548) returned 0x0 [0166.910] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306bd0) returned 0x0 [0166.910] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.910] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.911] WbemDefPath:IUnknown:AddRef (This=0xe306bd0) returned 0x3 [0166.911] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.911] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.911] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3092a0) returned 0x0 [0166.911] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3092a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.911] WbemDefPath:IUnknown:Release (This=0xe3092a0) returned 0x3 [0166.911] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.912] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.912] WbemDefPath:IUnknown:Release (This=0xe306bd0) returned 0x2 [0166.912] WbemDefPath:IUnknown:Release (This=0xe306bd0) returned 0x1 [0166.912] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.912] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306bd0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306bd0) returned 0x0 [0166.912] WbemDefPath:IUnknown:AddRef (This=0xe306bd0) returned 0x3 [0166.913] WbemDefPath:IUnknown:Release (This=0xe306bd0) returned 0x2 [0166.913] WbemDefPath:IWbemPath:SetText (This=0xe306bd0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"") returned 0x0 [0166.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.913] IWbemClassObject:Get (in: This=0xe30d528, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf7650*=0, plFlavor=0x6bf7654*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="research.exe", varVal2=0x0), pType=0x6bf7650*=8, plFlavor=0x6bf7654*=0) returned 0x0 [0166.913] SysStringByteLen (bstr="research.exe") returned 0x18 [0166.913] SysStringByteLen (bstr="research.exe") returned 0x18 [0166.914] IWbemClassObject:Get (in: This=0xe30d528, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf7650*=8, plFlavor=0x6bf7654*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="research.exe", varVal2=0x0), pType=0x6bf7650*=8, plFlavor=0x6bf7654*=0) returned 0x0 [0166.914] SysStringByteLen (bstr="research.exe") returned 0x18 [0166.914] SysStringByteLen (bstr="research.exe") returned 0x18 [0166.914] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0166.914] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xe30c868, puReturned=0x6be9388*=0x1) returned 0x0 [0166.916] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30c868) returned 0x0 [0166.916] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.916] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.916] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.917] IUnknown:AddRef (This=0xe30c868) returned 0x3 [0166.917] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.917] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.917] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30c86c) returned 0x0 [0166.917] IMarshal:GetUnmarshalClass (in: This=0xe30c86c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.918] IUnknown:Release (This=0xe30c86c) returned 0x3 [0166.918] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.918] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.918] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.918] IUnknown:Release (This=0xe30c868) returned 0x2 [0166.918] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.918] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.918] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30c868) returned 0x0 [0166.919] IUnknown:AddRef (This=0xe30c868) returned 0x4 [0166.919] IUnknown:Release (This=0xe30c868) returned 0x3 [0166.919] IUnknown:Release (This=0xe30c868) returned 0x2 [0166.919] CoTaskMemFree (pv=0xc16418) [0166.919] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.919] IUnknown:AddRef (This=0xe30c868) returned 0x3 [0166.919] IWbemClassObject:Get (in: This=0xe30c868, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.920] IWbemClassObject:Get (in: This=0xe30c868, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.920] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"") returned 0x5e [0166.920] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"") returned 0x5e [0166.920] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.920] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.920] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.920] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.922] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164d8) returned 0x0 [0166.922] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.922] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3067e0) returned 0x0 [0166.923] WbemDefPath:IUnknown:Release (This=0xc164d8) returned 0x0 [0166.923] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3067e0) returned 0x0 [0166.924] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.924] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.924] WbemDefPath:IUnknown:AddRef (This=0xe3067e0) returned 0x3 [0166.924] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.924] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.925] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315fa8) returned 0x0 [0166.925] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315fa8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.925] WbemDefPath:IUnknown:Release (This=0xe315fa8) returned 0x3 [0166.925] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.983] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.983] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.984] WbemDefPath:IUnknown:Release (This=0xe3067e0) returned 0x2 [0166.984] WbemDefPath:IUnknown:Release (This=0xe3067e0) returned 0x1 [0166.984] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.984] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.984] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3067e0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3067e0) returned 0x0 [0166.984] WbemDefPath:IUnknown:AddRef (This=0xe3067e0) returned 0x3 [0166.984] WbemDefPath:IUnknown:Release (This=0xe3067e0) returned 0x2 [0166.984] WbemDefPath:IWbemPath:SetText (This=0xe3067e0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"") returned 0x0 [0166.984] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0166.984] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0166.985] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.985] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0166.985] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0166.985] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.985] IWbemClassObject:Get (in: This=0xe30c868, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf7f08*=0, plFlavor=0x6bf7f0c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="read_task_at.exe", varVal2=0x0), pType=0x6bf7f08*=8, plFlavor=0x6bf7f0c*=0) returned 0x0 [0166.985] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0166.985] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0166.985] IWbemClassObject:Get (in: This=0xe30c868, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf7f08*=8, plFlavor=0x6bf7f0c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="read_task_at.exe", varVal2=0x0), pType=0x6bf7f08*=8, plFlavor=0x6bf7f0c*=0) returned 0x0 [0166.986] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0166.986] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0166.986] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0166.986] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xe30d858, puReturned=0x6be9388*=0x1) returned 0x0 [0166.987] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d858) returned 0x0 [0166.988] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0166.988] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0166.988] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0166.989] IUnknown:AddRef (This=0xe30d858) returned 0x3 [0166.989] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0166.989] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0166.990] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d85c) returned 0x0 [0166.990] IMarshal:GetUnmarshalClass (in: This=0xe30d85c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0166.990] IUnknown:Release (This=0xe30d85c) returned 0x3 [0166.990] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0166.990] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0166.990] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0166.991] IUnknown:Release (This=0xe30d858) returned 0x2 [0166.991] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0166.991] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0166.991] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d858) returned 0x0 [0166.991] IUnknown:AddRef (This=0xe30d858) returned 0x4 [0166.991] IUnknown:Release (This=0xe30d858) returned 0x3 [0166.992] IUnknown:Release (This=0xe30d858) returned 0x2 [0166.992] CoTaskMemFree (pv=0xc16418) [0166.992] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0166.992] IUnknown:AddRef (This=0xe30d858) returned 0x3 [0166.992] IWbemClassObject:Get (in: This=0xe30d858, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0166.993] IWbemClassObject:Get (in: This=0xe30d858, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0166.993] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"") returned 0x5e [0166.993] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"") returned 0x5e [0166.993] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0166.994] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0166.994] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0166.994] IUnknown:Release (This=0xb71a3c) returned 0x1 [0166.996] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0166.996] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0166.996] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306380) returned 0x0 [0166.996] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0166.997] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306380) returned 0x0 [0166.997] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0166.997] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0166.997] WbemDefPath:IUnknown:AddRef (This=0xe306380) returned 0x3 [0166.998] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0166.998] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0166.998] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315078) returned 0x0 [0166.998] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315078, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.998] WbemDefPath:IUnknown:Release (This=0xe315078) returned 0x3 [0166.998] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0166.998] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0166.998] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0166.999] WbemDefPath:IUnknown:Release (This=0xe306380) returned 0x2 [0166.999] WbemDefPath:IUnknown:Release (This=0xe306380) returned 0x1 [0166.999] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0166.999] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0166.999] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306380, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306380) returned 0x0 [0166.999] WbemDefPath:IUnknown:AddRef (This=0xe306380) returned 0x3 [0166.999] WbemDefPath:IUnknown:Release (This=0xe306380) returned 0x2 [0166.999] WbemDefPath:IWbemPath:SetText (This=0xe306380, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"") returned 0x0 [0166.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.000] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.000] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.000] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.000] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.000] IWbemClassObject:Get (in: This=0xe30d858, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf87d0*=0, plFlavor=0x6bf87d4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="remain_reality_probably.exe", varVal2=0x0), pType=0x6bf87d0*=8, plFlavor=0x6bf87d4*=0) returned 0x0 [0167.000] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0167.001] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0167.001] IWbemClassObject:Get (in: This=0xe30d858, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf87d0*=8, plFlavor=0x6bf87d4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="remain_reality_probably.exe", varVal2=0x0), pType=0x6bf87d0*=8, plFlavor=0x6bf87d4*=0) returned 0x0 [0167.001] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0167.001] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0167.001] CoTaskMemAlloc (cb=0x4) returned 0xc16528 [0167.001] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16528, puReturned=0x6be9388 | out: apObjects=0xc16528*=0xe30cb98, puReturned=0x6be9388*=0x1) returned 0x0 [0167.037] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30cb98) returned 0x0 [0167.037] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.037] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.037] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.038] IUnknown:AddRef (This=0xe30cb98) returned 0x3 [0167.038] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.038] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.038] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30cb9c) returned 0x0 [0167.038] IMarshal:GetUnmarshalClass (in: This=0xe30cb9c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.038] IUnknown:Release (This=0xe30cb9c) returned 0x3 [0167.038] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.038] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.039] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.039] IUnknown:Release (This=0xe30cb98) returned 0x2 [0167.039] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.039] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.039] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30cb98) returned 0x0 [0167.039] IUnknown:AddRef (This=0xe30cb98) returned 0x4 [0167.039] IUnknown:Release (This=0xe30cb98) returned 0x3 [0167.039] IUnknown:Release (This=0xe30cb98) returned 0x2 [0167.039] CoTaskMemFree (pv=0xc16528) [0167.040] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.040] IUnknown:AddRef (This=0xe30cb98) returned 0x3 [0167.040] IWbemClassObject:Get (in: This=0xe30cb98, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.040] IWbemClassObject:Get (in: This=0xe30cb98, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.040] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"") returned 0x5e [0167.040] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"") returned 0x5e [0167.041] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.041] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.041] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.041] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.042] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16518) returned 0x0 [0167.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.043] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306460) returned 0x0 [0167.043] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0167.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306460) returned 0x0 [0167.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.043] WbemDefPath:IUnknown:AddRef (This=0xe306460) returned 0x3 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3151e0) returned 0x0 [0167.044] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3151e0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.044] WbemDefPath:IUnknown:Release (This=0xe3151e0) returned 0x3 [0167.044] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.044] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:Release (This=0xe306460) returned 0x2 [0167.045] WbemDefPath:IUnknown:Release (This=0xe306460) returned 0x1 [0167.045] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.045] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.045] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306460, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306460) returned 0x0 [0167.045] WbemDefPath:IUnknown:AddRef (This=0xe306460) returned 0x3 [0167.045] WbemDefPath:IUnknown:Release (This=0xe306460) returned 0x2 [0167.045] WbemDefPath:IWbemPath:SetText (This=0xe306460, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"") returned 0x0 [0167.045] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.045] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.045] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.046] IWbemClassObject:Get (in: This=0xe30cb98, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf90c0*=0, plFlavor=0x6bf90c4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="they_option_approach.exe", varVal2=0x0), pType=0x6bf90c0*=8, plFlavor=0x6bf90c4*=0) returned 0x0 [0167.046] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0167.046] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0167.046] IWbemClassObject:Get (in: This=0xe30cb98, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf90c0*=8, plFlavor=0x6bf90c4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="they_option_approach.exe", varVal2=0x0), pType=0x6bf90c0*=8, plFlavor=0x6bf90c4*=0) returned 0x0 [0167.046] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0167.046] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0167.047] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0167.047] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6be9388 | out: apObjects=0xc16488*=0xe30c3a0, puReturned=0x6be9388*=0x1) returned 0x0 [0167.048] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30c3a0) returned 0x0 [0167.049] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.049] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.049] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.049] IUnknown:AddRef (This=0xe30c3a0) returned 0x3 [0167.049] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.050] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.050] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30c3a4) returned 0x0 [0167.050] IMarshal:GetUnmarshalClass (in: This=0xe30c3a4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.050] IUnknown:Release (This=0xe30c3a4) returned 0x3 [0167.050] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.051] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.051] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.051] IUnknown:Release (This=0xe30c3a0) returned 0x2 [0167.051] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.051] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.051] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30c3a0) returned 0x0 [0167.051] IUnknown:AddRef (This=0xe30c3a0) returned 0x4 [0167.051] IUnknown:Release (This=0xe30c3a0) returned 0x3 [0167.052] IUnknown:Release (This=0xe30c3a0) returned 0x2 [0167.052] CoTaskMemFree (pv=0xc16488) [0167.052] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.052] IUnknown:AddRef (This=0xe30c3a0) returned 0x3 [0167.052] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.052] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.053] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"") returned 0x5e [0167.053] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"") returned 0x5e [0167.053] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.053] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.053] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.053] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.055] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163c8) returned 0x0 [0167.056] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.056] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306cb0) returned 0x0 [0167.056] WbemDefPath:IUnknown:Release (This=0xc163c8) returned 0x0 [0167.056] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306cb0) returned 0x0 [0167.056] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.056] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.057] WbemDefPath:IUnknown:AddRef (This=0xe306cb0) returned 0x3 [0167.057] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.057] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.057] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3155a0) returned 0x0 [0167.057] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3155a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.058] WbemDefPath:IUnknown:Release (This=0xe3155a0) returned 0x3 [0167.058] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.058] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.058] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.058] WbemDefPath:IUnknown:Release (This=0xe306cb0) returned 0x2 [0167.058] WbemDefPath:IUnknown:Release (This=0xe306cb0) returned 0x1 [0167.058] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.059] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.059] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306cb0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306cb0) returned 0x0 [0167.059] WbemDefPath:IUnknown:AddRef (This=0xe306cb0) returned 0x3 [0167.059] WbemDefPath:IUnknown:Release (This=0xe306cb0) returned 0x2 [0167.059] WbemDefPath:IWbemPath:SetText (This=0xe306cb0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"") returned 0x0 [0167.059] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.059] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.059] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.060] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.060] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.060] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.060] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf99a8*=0, plFlavor=0x6bf99ac*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="practice.exe", varVal2=0x0), pType=0x6bf99a8*=8, plFlavor=0x6bf99ac*=0) returned 0x0 [0167.060] SysStringByteLen (bstr="practice.exe") returned 0x18 [0167.060] SysStringByteLen (bstr="practice.exe") returned 0x18 [0167.061] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf99a8*=8, plFlavor=0x6bf99ac*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="practice.exe", varVal2=0x0), pType=0x6bf99a8*=8, plFlavor=0x6bf99ac*=0) returned 0x0 [0167.061] SysStringByteLen (bstr="practice.exe") returned 0x18 [0167.061] SysStringByteLen (bstr="practice.exe") returned 0x18 [0167.061] CoTaskMemAlloc (cb=0x4) returned 0xc16458 [0167.061] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16458, puReturned=0x6be9388 | out: apObjects=0xc16458*=0xe30d6c0, puReturned=0x6be9388*=0x1) returned 0x0 [0167.063] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d6c0) returned 0x0 [0167.063] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.063] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.063] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.064] IUnknown:AddRef (This=0xe30d6c0) returned 0x3 [0167.064] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.064] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.064] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d6c4) returned 0x0 [0167.065] IMarshal:GetUnmarshalClass (in: This=0xe30d6c4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.065] IUnknown:Release (This=0xe30d6c4) returned 0x3 [0167.065] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.065] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.065] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.065] IUnknown:Release (This=0xe30d6c0) returned 0x2 [0167.066] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.066] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.066] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d6c0) returned 0x0 [0167.116] IUnknown:AddRef (This=0xe30d6c0) returned 0x4 [0167.116] IUnknown:Release (This=0xe30d6c0) returned 0x3 [0167.116] IUnknown:Release (This=0xe30d6c0) returned 0x2 [0167.117] CoTaskMemFree (pv=0xc16458) [0167.117] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.117] IUnknown:AddRef (This=0xe30d6c0) returned 0x3 [0167.117] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.117] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.117] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"") returned 0x5e [0167.117] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"") returned 0x5e [0167.117] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.118] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.118] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.118] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.120] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16528) returned 0x0 [0167.120] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16528, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.120] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16528, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306770) returned 0x0 [0167.120] WbemDefPath:IUnknown:Release (This=0xc16528) returned 0x0 [0167.120] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306770) returned 0x0 [0167.121] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.121] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.121] WbemDefPath:IUnknown:AddRef (This=0xe306770) returned 0x3 [0167.121] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.121] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315678) returned 0x0 [0167.122] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315678, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.122] WbemDefPath:IUnknown:Release (This=0xe315678) returned 0x3 [0167.122] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.122] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.122] WbemDefPath:IUnknown:Release (This=0xe306770) returned 0x2 [0167.123] WbemDefPath:IUnknown:Release (This=0xe306770) returned 0x1 [0167.123] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.123] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306770, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306770) returned 0x0 [0167.123] WbemDefPath:IUnknown:AddRef (This=0xe306770) returned 0x3 [0167.123] WbemDefPath:IUnknown:Release (This=0xe306770) returned 0x2 [0167.123] WbemDefPath:IWbemPath:SetText (This=0xe306770, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"") returned 0x0 [0167.123] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.123] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.124] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.124] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfa260*=0, plFlavor=0x6bfa264*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x6bfa260*=8, plFlavor=0x6bfa264*=0) returned 0x0 [0167.124] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0167.124] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0167.125] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfa260*=8, plFlavor=0x6bfa264*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x6bfa260*=8, plFlavor=0x6bfa264*=0) returned 0x0 [0167.125] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0167.125] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0167.125] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0167.125] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xe30c538, puReturned=0x6be9388*=0x1) returned 0x0 [0167.126] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30c538) returned 0x0 [0167.126] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.127] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.127] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.127] IUnknown:AddRef (This=0xe30c538) returned 0x3 [0167.127] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.127] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.127] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30c53c) returned 0x0 [0167.128] IMarshal:GetUnmarshalClass (in: This=0xe30c53c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.128] IUnknown:Release (This=0xe30c53c) returned 0x3 [0167.128] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.128] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.128] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.129] IUnknown:Release (This=0xe30c538) returned 0x2 [0167.129] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.129] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.129] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30c538) returned 0x0 [0167.129] IUnknown:AddRef (This=0xe30c538) returned 0x4 [0167.129] IUnknown:Release (This=0xe30c538) returned 0x3 [0167.130] IUnknown:Release (This=0xe30c538) returned 0x2 [0167.130] CoTaskMemFree (pv=0xc164f8) [0167.130] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.130] IUnknown:AddRef (This=0xe30c538) returned 0x3 [0167.130] IWbemClassObject:Get (in: This=0xe30c538, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.130] IWbemClassObject:Get (in: This=0xe30c538, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.131] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"") returned 0x5e [0167.131] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"") returned 0x5e [0167.131] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.131] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.131] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.131] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.133] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16528) returned 0x0 [0167.133] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16528, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.133] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16528, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe305f20) returned 0x0 [0167.134] WbemDefPath:IUnknown:Release (This=0xc16528) returned 0x0 [0167.134] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe305f20) returned 0x0 [0167.134] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.134] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.135] WbemDefPath:IUnknown:AddRef (This=0xe305f20) returned 0x3 [0167.135] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.135] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.135] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315738) returned 0x0 [0167.135] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315738, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.135] WbemDefPath:IUnknown:Release (This=0xe315738) returned 0x3 [0167.135] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.136] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.136] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.136] WbemDefPath:IUnknown:Release (This=0xe305f20) returned 0x2 [0167.136] WbemDefPath:IUnknown:Release (This=0xe305f20) returned 0x1 [0167.136] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.136] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.136] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f20, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe305f20) returned 0x0 [0167.137] WbemDefPath:IUnknown:AddRef (This=0xe305f20) returned 0x3 [0167.137] WbemDefPath:IUnknown:Release (This=0xe305f20) returned 0x2 [0167.137] WbemDefPath:IWbemPath:SetText (This=0xe305f20, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"") returned 0x0 [0167.137] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.137] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.137] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.137] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.137] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.138] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.138] IWbemClassObject:Get (in: This=0xe30c538, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfab08*=0, plFlavor=0x6bfab0c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x6bfab08*=8, plFlavor=0x6bfab0c*=0) returned 0x0 [0167.138] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0167.138] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0167.138] IWbemClassObject:Get (in: This=0xe30c538, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfab08*=8, plFlavor=0x6bfab0c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x6bfab08*=8, plFlavor=0x6bfab0c*=0) returned 0x0 [0167.138] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0167.139] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0167.139] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0167.139] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6be9388 | out: apObjects=0xc163d8*=0xe30c070, puReturned=0x6be9388*=0x1) returned 0x0 [0167.140] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30c070) returned 0x0 [0167.140] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.140] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.140] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.141] IUnknown:AddRef (This=0xe30c070) returned 0x3 [0167.141] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.141] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.141] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30c074) returned 0x0 [0167.141] IMarshal:GetUnmarshalClass (in: This=0xe30c074, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.142] IUnknown:Release (This=0xe30c074) returned 0x3 [0167.142] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.142] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.142] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.142] IUnknown:Release (This=0xe30c070) returned 0x2 [0167.142] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.142] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.142] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30c070) returned 0x0 [0167.143] IUnknown:AddRef (This=0xe30c070) returned 0x4 [0167.143] IUnknown:Release (This=0xe30c070) returned 0x3 [0167.143] IUnknown:Release (This=0xe30c070) returned 0x2 [0167.143] CoTaskMemFree (pv=0xc163d8) [0167.143] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.143] IUnknown:AddRef (This=0xe30c070) returned 0x3 [0167.143] IWbemClassObject:Get (in: This=0xe30c070, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.144] IWbemClassObject:Get (in: This=0xe30c070, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.144] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"") returned 0x5e [0167.144] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"") returned 0x5e [0167.144] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.145] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.145] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.145] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.146] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164b8) returned 0x0 [0167.147] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.147] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe305f90) returned 0x0 [0167.147] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0167.147] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe305f90) returned 0x0 [0167.147] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.147] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.148] WbemDefPath:IUnknown:AddRef (This=0xe305f90) returned 0x3 [0167.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315b88) returned 0x0 [0167.149] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315b88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.149] WbemDefPath:IUnknown:Release (This=0xe315b88) returned 0x3 [0167.149] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.149] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.149] WbemDefPath:IUnknown:Release (This=0xe305f90) returned 0x2 [0167.150] WbemDefPath:IUnknown:Release (This=0xe305f90) returned 0x1 [0167.150] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.150] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xe305f90, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe305f90) returned 0x0 [0167.150] WbemDefPath:IUnknown:AddRef (This=0xe305f90) returned 0x3 [0167.150] WbemDefPath:IUnknown:Release (This=0xe305f90) returned 0x2 [0167.150] WbemDefPath:IWbemPath:SetText (This=0xe305f90, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"") returned 0x0 [0167.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.151] IWbemClassObject:Get (in: This=0xe30c070, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfb3d8*=0, plFlavor=0x6bfb3dc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x6bfb3d8*=8, plFlavor=0x6bfb3dc*=0) returned 0x0 [0167.152] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0167.152] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0167.152] IWbemClassObject:Get (in: This=0xe30c070, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfb3d8*=8, plFlavor=0x6bfb3dc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x6bfb3d8*=8, plFlavor=0x6bfb3dc*=0) returned 0x0 [0167.152] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0167.152] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0167.153] CoTaskMemAlloc (cb=0x4) returned 0xc16478 [0167.153] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16478, puReturned=0x6be9388 | out: apObjects=0xc16478*=0xe30cd30, puReturned=0x6be9388*=0x1) returned 0x0 [0167.193] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30cd30) returned 0x0 [0167.193] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.193] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.193] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.193] IUnknown:AddRef (This=0xe30cd30) returned 0x3 [0167.194] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.194] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.194] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30cd34) returned 0x0 [0167.194] IMarshal:GetUnmarshalClass (in: This=0xe30cd34, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.194] IUnknown:Release (This=0xe30cd34) returned 0x3 [0167.194] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.194] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.194] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.194] IUnknown:Release (This=0xe30cd30) returned 0x2 [0167.194] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.194] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.194] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30cd30) returned 0x0 [0167.195] IUnknown:AddRef (This=0xe30cd30) returned 0x4 [0167.195] IUnknown:Release (This=0xe30cd30) returned 0x3 [0167.195] IUnknown:Release (This=0xe30cd30) returned 0x2 [0167.195] CoTaskMemFree (pv=0xc16478) [0167.195] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.195] IUnknown:AddRef (This=0xe30cd30) returned 0x3 [0167.195] IWbemClassObject:Get (in: This=0xe30cd30, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.195] IWbemClassObject:Get (in: This=0xe30cd30, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.195] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"") returned 0x5e [0167.195] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"") returned 0x5e [0167.195] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.196] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.196] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.196] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.198] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0167.198] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.198] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3065b0) returned 0x0 [0167.198] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0167.198] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3065b0) returned 0x0 [0167.198] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.198] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.200] WbemDefPath:IUnknown:AddRef (This=0xe3065b0) returned 0x3 [0167.200] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.200] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.200] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315b10) returned 0x0 [0167.200] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315b10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.200] WbemDefPath:IUnknown:Release (This=0xe315b10) returned 0x3 [0167.200] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.200] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.200] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.200] WbemDefPath:IUnknown:Release (This=0xe3065b0) returned 0x2 [0167.200] WbemDefPath:IUnknown:Release (This=0xe3065b0) returned 0x1 [0167.201] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.201] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.201] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3065b0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3065b0) returned 0x0 [0167.201] WbemDefPath:IUnknown:AddRef (This=0xe3065b0) returned 0x3 [0167.201] WbemDefPath:IUnknown:Release (This=0xe3065b0) returned 0x2 [0167.201] WbemDefPath:IWbemPath:SetText (This=0xe3065b0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"") returned 0x0 [0167.201] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.201] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.201] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.201] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.201] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.201] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.202] IWbemClassObject:Get (in: This=0xe30cd30, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfbc80*=0, plFlavor=0x6bfbc84*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x6bfbc80*=8, plFlavor=0x6bfbc84*=0) returned 0x0 [0167.202] SysStringByteLen (bstr="barca.exe") returned 0x12 [0167.202] SysStringByteLen (bstr="barca.exe") returned 0x12 [0167.202] IWbemClassObject:Get (in: This=0xe30cd30, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfbc80*=8, plFlavor=0x6bfbc84*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x6bfbc80*=8, plFlavor=0x6bfbc84*=0) returned 0x0 [0167.202] SysStringByteLen (bstr="barca.exe") returned 0x12 [0167.202] SysStringByteLen (bstr="barca.exe") returned 0x12 [0167.202] CoTaskMemAlloc (cb=0x4) returned 0xc16508 [0167.202] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16508, puReturned=0x6be9388 | out: apObjects=0xc16508*=0xe30d9f0, puReturned=0x6be9388*=0x1) returned 0x0 [0167.204] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d9f0) returned 0x0 [0167.204] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.204] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.204] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.204] IUnknown:AddRef (This=0xe30d9f0) returned 0x3 [0167.204] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.204] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.205] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d9f4) returned 0x0 [0167.205] IMarshal:GetUnmarshalClass (in: This=0xe30d9f4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.205] IUnknown:Release (This=0xe30d9f4) returned 0x3 [0167.205] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.205] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.205] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.205] IUnknown:Release (This=0xe30d9f0) returned 0x2 [0167.205] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.205] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.205] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d9f0) returned 0x0 [0167.205] IUnknown:AddRef (This=0xe30d9f0) returned 0x4 [0167.205] IUnknown:Release (This=0xe30d9f0) returned 0x3 [0167.206] IUnknown:Release (This=0xe30d9f0) returned 0x2 [0167.206] CoTaskMemFree (pv=0xc16508) [0167.206] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.206] IUnknown:AddRef (This=0xe30d9f0) returned 0x3 [0167.206] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.206] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.206] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"") returned 0x5e [0167.207] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"") returned 0x5e [0167.207] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.207] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.207] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.207] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.208] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164e8) returned 0x0 [0167.209] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.209] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306150) returned 0x0 [0167.209] WbemDefPath:IUnknown:Release (This=0xc164e8) returned 0x0 [0167.209] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306150) returned 0x0 [0167.209] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.209] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.210] WbemDefPath:IUnknown:AddRef (This=0xe306150) returned 0x3 [0167.210] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.210] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.210] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315e70) returned 0x0 [0167.210] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315e70, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.210] WbemDefPath:IUnknown:Release (This=0xe315e70) returned 0x3 [0167.210] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.210] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.210] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.211] WbemDefPath:IUnknown:Release (This=0xe306150) returned 0x2 [0167.211] WbemDefPath:IUnknown:Release (This=0xe306150) returned 0x1 [0167.211] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.211] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306150, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306150) returned 0x0 [0167.211] WbemDefPath:IUnknown:AddRef (This=0xe306150) returned 0x3 [0167.211] WbemDefPath:IUnknown:Release (This=0xe306150) returned 0x2 [0167.211] WbemDefPath:IWbemPath:SetText (This=0xe306150, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"") returned 0x0 [0167.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.211] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.211] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.212] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.212] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.212] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfc528*=0, plFlavor=0x6bfc52c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x6bfc528*=8, plFlavor=0x6bfc52c*=0) returned 0x0 [0167.212] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0167.212] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0167.212] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfc528*=8, plFlavor=0x6bfc52c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x6bfc528*=8, plFlavor=0x6bfc52c*=0) returned 0x0 [0167.212] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0167.212] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0167.212] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0167.212] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xe30d060, puReturned=0x6be9388*=0x1) returned 0x0 [0167.215] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d060) returned 0x0 [0167.215] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.215] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.215] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.215] IUnknown:AddRef (This=0xe30d060) returned 0x3 [0167.216] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.216] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.216] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d064) returned 0x0 [0167.216] IMarshal:GetUnmarshalClass (in: This=0xe30d064, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.216] IUnknown:Release (This=0xe30d064) returned 0x3 [0167.216] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.216] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.216] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.216] IUnknown:Release (This=0xe30d060) returned 0x2 [0167.217] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.217] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.217] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d060) returned 0x0 [0167.217] IUnknown:AddRef (This=0xe30d060) returned 0x4 [0167.217] IUnknown:Release (This=0xe30d060) returned 0x3 [0167.217] IUnknown:Release (This=0xe30d060) returned 0x2 [0167.217] CoTaskMemFree (pv=0xc164b8) [0167.217] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.217] IUnknown:AddRef (This=0xe30d060) returned 0x3 [0167.217] IWbemClassObject:Get (in: This=0xe30d060, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.218] IWbemClassObject:Get (in: This=0xe30d060, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.218] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x5e [0167.218] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x5e [0167.218] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.218] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.218] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.218] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.220] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16428) returned 0x0 [0167.220] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.220] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16428, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306070) returned 0x0 [0167.220] WbemDefPath:IUnknown:Release (This=0xc16428) returned 0x0 [0167.220] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306070) returned 0x0 [0167.220] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.220] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.221] WbemDefPath:IUnknown:AddRef (This=0xe306070) returned 0x3 [0167.221] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.221] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.221] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe315f48) returned 0x0 [0167.221] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315f48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.221] WbemDefPath:IUnknown:Release (This=0xe315f48) returned 0x3 [0167.221] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.221] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.222] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.222] WbemDefPath:IUnknown:Release (This=0xe306070) returned 0x2 [0167.270] WbemDefPath:IUnknown:Release (This=0xe306070) returned 0x1 [0167.271] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.271] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.271] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306070, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306070) returned 0x0 [0167.271] WbemDefPath:IUnknown:AddRef (This=0xe306070) returned 0x3 [0167.271] WbemDefPath:IUnknown:Release (This=0xe306070) returned 0x2 [0167.271] WbemDefPath:IWbemPath:SetText (This=0xe306070, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x0 [0167.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.272] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.272] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.272] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.272] IWbemClassObject:Get (in: This=0xe30d060, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfcde0*=0, plFlavor=0x6bfcde4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x6bfcde0*=8, plFlavor=0x6bfcde4*=0) returned 0x0 [0167.272] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0167.272] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0167.272] IWbemClassObject:Get (in: This=0xe30d060, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfcde0*=8, plFlavor=0x6bfcde4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x6bfcde0*=8, plFlavor=0x6bfcde4*=0) returned 0x0 [0167.272] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0167.272] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0167.273] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0167.273] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6be9388 | out: apObjects=0xc163d8*=0xe30d1f8, puReturned=0x6be9388*=0x1) returned 0x0 [0167.274] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30d1f8) returned 0x0 [0167.274] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.274] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.274] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.275] IUnknown:AddRef (This=0xe30d1f8) returned 0x3 [0167.275] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.275] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.275] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30d1fc) returned 0x0 [0167.275] IMarshal:GetUnmarshalClass (in: This=0xe30d1fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.275] IUnknown:Release (This=0xe30d1fc) returned 0x3 [0167.275] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.275] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.276] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.276] IUnknown:Release (This=0xe30d1f8) returned 0x2 [0167.276] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.276] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.276] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30d1f8) returned 0x0 [0167.276] IUnknown:AddRef (This=0xe30d1f8) returned 0x4 [0167.276] IUnknown:Release (This=0xe30d1f8) returned 0x3 [0167.276] IUnknown:Release (This=0xe30d1f8) returned 0x2 [0167.276] CoTaskMemFree (pv=0xc163d8) [0167.276] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.277] IUnknown:AddRef (This=0xe30d1f8) returned 0x3 [0167.277] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.277] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3680\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.277] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3680\"") returned 0x5e [0167.277] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3680\"") returned 0x5e [0167.277] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.278] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.278] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.278] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.280] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164b8) returned 0x0 [0167.280] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.280] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3060e0) returned 0x0 [0167.280] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0167.281] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3060e0) returned 0x0 [0167.281] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.281] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.281] WbemDefPath:IUnknown:AddRef (This=0xe3060e0) returned 0x3 [0167.281] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.282] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.282] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a0d0) returned 0x0 [0167.282] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a0d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.282] WbemDefPath:IUnknown:Release (This=0xe31a0d0) returned 0x3 [0167.282] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.282] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.282] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.283] WbemDefPath:IUnknown:Release (This=0xe3060e0) returned 0x2 [0167.283] WbemDefPath:IUnknown:Release (This=0xe3060e0) returned 0x1 [0167.283] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.283] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.283] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3060e0, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3060e0) returned 0x0 [0167.283] WbemDefPath:IUnknown:AddRef (This=0xe3060e0) returned 0x3 [0167.283] WbemDefPath:IUnknown:Release (This=0xe3060e0) returned 0x2 [0167.283] WbemDefPath:IWbemPath:SetText (This=0xe3060e0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3680\"") returned 0x0 [0167.283] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.283] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.284] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.284] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.284] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.284] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.284] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfd690*=0, plFlavor=0x6bfd694*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x6bfd690*=8, plFlavor=0x6bfd694*=0) returned 0x0 [0167.284] SysStringByteLen (bstr="far.exe") returned 0xe [0167.284] SysStringByteLen (bstr="far.exe") returned 0xe [0167.285] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfd690*=8, plFlavor=0x6bfd694*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x6bfd690*=8, plFlavor=0x6bfd694*=0) returned 0x0 [0167.285] SysStringByteLen (bstr="far.exe") returned 0xe [0167.285] SysStringByteLen (bstr="far.exe") returned 0xe [0167.285] CoTaskMemAlloc (cb=0x4) returned 0xc16478 [0167.286] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16478, puReturned=0x6be9388 | out: apObjects=0xc16478*=0xe30cec8, puReturned=0x6be9388*=0x1) returned 0x0 [0167.287] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30cec8) returned 0x0 [0167.287] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.287] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.287] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.288] IUnknown:AddRef (This=0xe30cec8) returned 0x3 [0167.288] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.288] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.288] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30cecc) returned 0x0 [0167.288] IMarshal:GetUnmarshalClass (in: This=0xe30cecc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.288] IUnknown:Release (This=0xe30cecc) returned 0x3 [0167.289] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.289] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.289] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.289] IUnknown:Release (This=0xe30cec8) returned 0x2 [0167.289] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.289] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.289] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30cec8) returned 0x0 [0167.289] IUnknown:AddRef (This=0xe30cec8) returned 0x4 [0167.290] IUnknown:Release (This=0xe30cec8) returned 0x3 [0167.290] IUnknown:Release (This=0xe30cec8) returned 0x2 [0167.290] CoTaskMemFree (pv=0xc16478) [0167.290] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.290] IUnknown:AddRef (This=0xe30cec8) returned 0x3 [0167.290] IWbemClassObject:Get (in: This=0xe30cec8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.290] IWbemClassObject:Get (in: This=0xe30cec8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3696\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.290] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3696\"") returned 0x5e [0167.291] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3696\"") returned 0x5e [0167.291] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.291] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.291] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.291] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.292] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0167.293] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.293] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306620) returned 0x0 [0167.293] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0167.293] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306620) returned 0x0 [0167.293] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.293] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.294] WbemDefPath:IUnknown:AddRef (This=0xe306620) returned 0x3 [0167.294] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.294] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.294] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a0a0) returned 0x0 [0167.294] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a0a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.294] WbemDefPath:IUnknown:Release (This=0xe31a0a0) returned 0x3 [0167.294] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.294] CoGetContextToken (in: pToken=0x18df50 | out: pToken=0x18df50) returned 0x0 [0167.294] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.294] WbemDefPath:IUnknown:Release (This=0xe306620) returned 0x2 [0167.294] WbemDefPath:IUnknown:Release (This=0xe306620) returned 0x1 [0167.295] CoGetContextToken (in: pToken=0x18e8e8 | out: pToken=0x18e8e8) returned 0x0 [0167.295] CoGetContextToken (in: pToken=0x18e848 | out: pToken=0x18e848) returned 0x0 [0167.295] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306620, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306620) returned 0x0 [0167.295] WbemDefPath:IUnknown:AddRef (This=0xe306620) returned 0x3 [0167.295] WbemDefPath:IUnknown:Release (This=0xe306620) returned 0x2 [0167.295] WbemDefPath:IWbemPath:SetText (This=0xe306620, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3696\"") returned 0x0 [0167.296] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.296] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.296] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.296] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.296] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.296] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.296] IWbemClassObject:Get (in: This=0xe30cec8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfdf30*=0, plFlavor=0x6bfdf34*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x6bfdf30*=8, plFlavor=0x6bfdf34*=0) returned 0x0 [0167.296] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0167.296] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0167.297] IWbemClassObject:Get (in: This=0xe30cec8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfdf30*=8, plFlavor=0x6bfdf34*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x6bfdf30*=8, plFlavor=0x6bfdf34*=0) returned 0x0 [0167.297] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0167.297] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0167.297] CoTaskMemAlloc (cb=0x4) returned 0xc16508 [0167.297] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16508, puReturned=0x6be9388 | out: apObjects=0xc16508*=0xe30db88, puReturned=0x6be9388*=0x1) returned 0x0 [0167.298] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30db88) returned 0x0 [0167.298] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.298] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.299] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.299] IUnknown:AddRef (This=0xe30db88) returned 0x3 [0167.299] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.299] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.299] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30db8c) returned 0x0 [0167.300] IMarshal:GetUnmarshalClass (in: This=0xe30db8c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.300] IUnknown:Release (This=0xe30db8c) returned 0x3 [0167.300] CoGetContextToken (in: pToken=0x18d9f8 | out: pToken=0x18d9f8) returned 0x0 [0167.300] CoGetContextToken (in: pToken=0x18de00 | out: pToken=0x18de00) returned 0x0 [0167.300] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.300] IUnknown:Release (This=0xe30db88) returned 0x2 [0167.300] CoGetContextToken (in: pToken=0x18e3d8 | out: pToken=0x18e3d8) returned 0x0 [0167.300] CoGetContextToken (in: pToken=0x18e338 | out: pToken=0x18e338) returned 0x0 [0167.300] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30db88) returned 0x0 [0167.300] IUnknown:AddRef (This=0xe30db88) returned 0x4 [0167.300] IUnknown:Release (This=0xe30db88) returned 0x3 [0167.301] IUnknown:Release (This=0xe30db88) returned 0x2 [0167.301] CoTaskMemFree (pv=0xc16508) [0167.301] CoGetContextToken (in: pToken=0x18e748 | out: pToken=0x18e748) returned 0x0 [0167.301] IUnknown:AddRef (This=0xe30db88) returned 0x3 [0167.301] IWbemClassObject:Get (in: This=0xe30db88, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.301] IWbemClassObject:Get (in: This=0xe30db88, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3708\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.301] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3708\"") returned 0x5e [0167.301] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3708\"") returned 0x5e [0167.302] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.302] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.302] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.302] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.303] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164e8) returned 0x0 [0167.303] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.303] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306690) returned 0x0 [0167.304] WbemDefPath:IUnknown:Release (This=0xc164e8) returned 0x0 [0167.304] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306690) returned 0x0 [0167.304] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.304] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.304] WbemDefPath:IUnknown:AddRef (This=0xe306690) returned 0x3 [0167.304] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.304] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.304] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a3d0) returned 0x0 [0167.304] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.304] WbemDefPath:IUnknown:Release (This=0xe31a3d0) returned 0x3 [0167.305] CoGetContextToken (in: pToken=0x18db48 | out: pToken=0x18db48) returned 0x0 [0167.305] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.305] WbemDefPath:IUnknown:Release (This=0xe306690) returned 0x2 [0167.305] WbemDefPath:IUnknown:Release (This=0xe306690) returned 0x1 [0167.305] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306690, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306690) returned 0x0 [0167.305] WbemDefPath:IUnknown:AddRef (This=0xe306690) returned 0x3 [0167.305] WbemDefPath:IUnknown:Release (This=0xe306690) returned 0x2 [0167.305] WbemDefPath:IWbemPath:SetText (This=0xe306690, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3708\"") returned 0x0 [0167.305] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.305] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.305] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.305] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.306] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.306] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.306] IWbemClassObject:Get (in: This=0xe30db88, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfe7e8*=0, plFlavor=0x6bfe7ec*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x6bfe7e8*=8, plFlavor=0x6bfe7ec*=0) returned 0x0 [0167.306] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0167.306] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0167.306] IWbemClassObject:Get (in: This=0xe30db88, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bfe7e8*=8, plFlavor=0x6bfe7ec*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x6bfe7e8*=8, plFlavor=0x6bfe7ec*=0) returned 0x0 [0167.306] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0167.306] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0167.306] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0167.306] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xe30dd20, puReturned=0x6be9388*=0x1) returned 0x0 [0167.377] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe30dd20) returned 0x0 [0167.377] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0167.377] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0167.377] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0167.378] IUnknown:AddRef (This=0xe30dd20) returned 0x3 [0167.378] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0167.378] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0167.378] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe30dd24) returned 0x0 [0167.379] IMarshal:GetUnmarshalClass (in: This=0xe30dd24, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.379] IUnknown:Release (This=0xe30dd24) returned 0x3 [0167.379] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0167.379] IUnknown:Release (This=0xe30dd20) returned 0x2 [0167.379] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe30dd20) returned 0x0 [0167.380] IUnknown:AddRef (This=0xe30dd20) returned 0x4 [0167.380] IUnknown:Release (This=0xe30dd20) returned 0x3 [0167.380] IUnknown:Release (This=0xe30dd20) returned 0x2 [0167.380] CoTaskMemFree (pv=0xc164b8) [0167.380] IUnknown:AddRef (This=0xe30dd20) returned 0x3 [0167.380] IWbemClassObject:Get (in: This=0xe30dd20, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0167.381] IWbemClassObject:Get (in: This=0xe30dd20, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3720\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0167.381] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3720\"") returned 0x5e [0167.381] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3720\"") returned 0x5e [0167.381] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0167.381] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0167.382] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0167.382] IUnknown:Release (This=0xb71a3c) returned 0x1 [0167.384] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163f8) returned 0x0 [0167.385] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0167.385] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306700) returned 0x0 [0167.385] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0167.385] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306700) returned 0x0 [0167.385] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0167.385] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0167.386] WbemDefPath:IUnknown:AddRef (This=0xe306700) returned 0x3 [0167.386] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0167.386] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0167.386] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a550) returned 0x0 [0167.386] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a550, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.386] WbemDefPath:IUnknown:Release (This=0xe31a550) returned 0x3 [0167.386] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0167.386] WbemDefPath:IUnknown:Release (This=0xe306700) returned 0x2 [0167.386] WbemDefPath:IUnknown:Release (This=0xe306700) returned 0x1 [0167.387] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306700, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306700) returned 0x0 [0167.387] WbemDefPath:IUnknown:AddRef (This=0xe306700) returned 0x3 [0167.387] WbemDefPath:IUnknown:Release (This=0xe306700) returned 0x2 [0167.387] WbemDefPath:IWbemPath:SetText (This=0xe306700, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3720\"") returned 0x0 [0167.387] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0167.387] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0167.387] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.388] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0167.388] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0167.388] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.388] IWbemClassObject:Get (in: This=0xe30dd20, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bff0a0*=0, plFlavor=0x6bff0a4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x6bff0a0*=8, plFlavor=0x6bff0a4*=0) returned 0x0 [0167.388] SysStringByteLen (bstr="fling.exe") returned 0x12 [0167.388] SysStringByteLen (bstr="fling.exe") returned 0x12 [0167.388] IWbemClassObject:Get (in: This=0xe30dd20, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bff0a0*=8, plFlavor=0x6bff0a4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x6bff0a0*=8, plFlavor=0x6bff0a4*=0) returned 0x0 [0167.388] SysStringByteLen (bstr="fling.exe") returned 0x12 [0167.388] SysStringByteLen (bstr="fling.exe") returned 0x12 [0167.388] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0167.389] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe31ca68, puReturned=0x6be9388*=0x1) returned 0x0 [0168.080] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31ca68) returned 0x0 [0168.081] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.081] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.081] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.081] IUnknown:AddRef (This=0xe31ca68) returned 0x3 [0168.081] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.081] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.082] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31ca6c) returned 0x0 [0168.082] IMarshal:GetUnmarshalClass (in: This=0xe31ca6c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.082] IUnknown:Release (This=0xe31ca6c) returned 0x3 [0168.082] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.082] IUnknown:Release (This=0xe31ca68) returned 0x2 [0168.082] IUnknown:QueryInterface (in: This=0xe31ca68, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31ca68) returned 0x0 [0168.083] IUnknown:AddRef (This=0xe31ca68) returned 0x4 [0168.083] IUnknown:Release (This=0xe31ca68) returned 0x3 [0168.083] IUnknown:Release (This=0xe31ca68) returned 0x2 [0168.083] CoTaskMemFree (pv=0xc163b8) [0168.083] IUnknown:AddRef (This=0xe31ca68) returned 0x3 [0168.083] IWbemClassObject:Get (in: This=0xe31ca68, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.083] IWbemClassObject:Get (in: This=0xe31ca68, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3732\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.083] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3732\"") returned 0x5e [0168.084] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3732\"") returned 0x5e [0168.084] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.084] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.084] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.084] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.085] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16558) returned 0x0 [0168.086] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16558, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.086] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16558, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306850) returned 0x0 [0168.086] WbemDefPath:IUnknown:Release (This=0xc16558) returned 0x0 [0168.086] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306850) returned 0x0 [0168.086] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.086] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.087] WbemDefPath:IUnknown:AddRef (This=0xe306850) returned 0x3 [0168.087] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.087] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.087] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a598) returned 0x0 [0168.087] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a598, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.087] WbemDefPath:IUnknown:Release (This=0xe31a598) returned 0x3 [0168.087] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.088] WbemDefPath:IUnknown:Release (This=0xe306850) returned 0x2 [0168.088] WbemDefPath:IUnknown:Release (This=0xe306850) returned 0x1 [0168.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306850, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306850) returned 0x0 [0168.088] WbemDefPath:IUnknown:AddRef (This=0xe306850) returned 0x3 [0168.088] WbemDefPath:IUnknown:Release (This=0xe306850) returned 0x2 [0168.088] WbemDefPath:IWbemPath:SetText (This=0xe306850, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3732\"") returned 0x0 [0168.088] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.088] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.088] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.089] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.089] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.089] IWbemClassObject:Get (in: This=0xe31ca68, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bff948*=0, plFlavor=0x6bff94c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x6bff948*=8, plFlavor=0x6bff94c*=0) returned 0x0 [0168.089] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0168.089] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0168.089] IWbemClassObject:Get (in: This=0xe31ca68, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bff948*=8, plFlavor=0x6bff94c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x6bff948*=8, plFlavor=0x6bff94c*=0) returned 0x0 [0168.089] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0168.089] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0168.090] CoTaskMemAlloc (cb=0x4) returned 0xc163f8 [0168.090] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163f8, puReturned=0x6be9388 | out: apObjects=0xc163f8*=0xe31d0c8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.092] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31d0c8) returned 0x0 [0168.092] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.092] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.093] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.093] IUnknown:AddRef (This=0xe31d0c8) returned 0x3 [0168.093] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.093] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.093] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31d0cc) returned 0x0 [0168.094] IMarshal:GetUnmarshalClass (in: This=0xe31d0cc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.094] IUnknown:Release (This=0xe31d0cc) returned 0x3 [0168.094] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.094] IUnknown:Release (This=0xe31d0c8) returned 0x2 [0168.094] IUnknown:QueryInterface (in: This=0xe31d0c8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31d0c8) returned 0x0 [0168.094] IUnknown:AddRef (This=0xe31d0c8) returned 0x4 [0168.094] IUnknown:Release (This=0xe31d0c8) returned 0x3 [0168.095] IUnknown:Release (This=0xe31d0c8) returned 0x2 [0168.095] CoTaskMemFree (pv=0xc163f8) [0168.095] IUnknown:AddRef (This=0xe31d0c8) returned 0x3 [0168.095] IWbemClassObject:Get (in: This=0xe31d0c8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.095] IWbemClassObject:Get (in: This=0xe31d0c8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3744\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.096] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3744\"") returned 0x5e [0168.096] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3744\"") returned 0x5e [0168.096] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.096] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.096] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.096] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.098] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0168.098] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.098] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306e00) returned 0x0 [0168.098] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0168.098] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306e00) returned 0x0 [0168.098] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.098] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.099] WbemDefPath:IUnknown:AddRef (This=0xe306e00) returned 0x3 [0168.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a8c8) returned 0x0 [0168.099] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a8c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.099] WbemDefPath:IUnknown:Release (This=0xe31a8c8) returned 0x3 [0168.100] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.100] WbemDefPath:IUnknown:Release (This=0xe306e00) returned 0x2 [0168.100] WbemDefPath:IUnknown:Release (This=0xe306e00) returned 0x1 [0168.100] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e00, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306e00) returned 0x0 [0168.100] WbemDefPath:IUnknown:AddRef (This=0xe306e00) returned 0x3 [0168.100] WbemDefPath:IUnknown:Release (This=0xe306e00) returned 0x2 [0168.100] WbemDefPath:IWbemPath:SetText (This=0xe306e00, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3744\"") returned 0x0 [0168.100] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.101] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.101] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.101] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.101] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.101] IWbemClassObject:Get (in: This=0xe31d0c8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c00218*=0, plFlavor=0x6c0021c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x6c00218*=8, plFlavor=0x6c0021c*=0) returned 0x0 [0168.101] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0168.101] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0168.101] IWbemClassObject:Get (in: This=0xe31d0c8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c00218*=8, plFlavor=0x6c0021c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x6c00218*=8, plFlavor=0x6c0021c*=0) returned 0x0 [0168.102] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0168.102] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0168.102] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0168.102] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xe31c738, puReturned=0x6be9388*=0x1) returned 0x0 [0168.103] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31c738) returned 0x0 [0168.103] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.103] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.104] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.104] IUnknown:AddRef (This=0xe31c738) returned 0x3 [0168.104] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.104] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.104] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31c73c) returned 0x0 [0168.104] IMarshal:GetUnmarshalClass (in: This=0xe31c73c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.104] IUnknown:Release (This=0xe31c73c) returned 0x3 [0168.105] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.105] IUnknown:Release (This=0xe31c738) returned 0x2 [0168.105] IUnknown:QueryInterface (in: This=0xe31c738, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31c738) returned 0x0 [0168.105] IUnknown:AddRef (This=0xe31c738) returned 0x4 [0168.105] IUnknown:Release (This=0xe31c738) returned 0x3 [0168.105] IUnknown:Release (This=0xe31c738) returned 0x2 [0168.105] CoTaskMemFree (pv=0xc164f8) [0168.105] IUnknown:AddRef (This=0xe31c738) returned 0x3 [0168.105] IWbemClassObject:Get (in: This=0xe31c738, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.106] IWbemClassObject:Get (in: This=0xe31c738, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3760\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.106] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3760\"") returned 0x5e [0168.106] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3760\"") returned 0x5e [0168.106] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.106] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.106] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.106] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.107] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16488) returned 0x0 [0168.108] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16488, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.108] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16488, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306e70) returned 0x0 [0168.108] WbemDefPath:IUnknown:Release (This=0xc16488) returned 0x0 [0168.108] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306e70) returned 0x0 [0168.108] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.108] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.108] WbemDefPath:IUnknown:AddRef (This=0xe306e70) returned 0x3 [0168.108] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31a898) returned 0x0 [0168.109] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a898, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.109] WbemDefPath:IUnknown:Release (This=0xe31a898) returned 0x3 [0168.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.109] WbemDefPath:IUnknown:Release (This=0xe306e70) returned 0x2 [0168.109] WbemDefPath:IUnknown:Release (This=0xe306e70) returned 0x1 [0168.110] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306e70, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306e70) returned 0x0 [0168.110] WbemDefPath:IUnknown:AddRef (This=0xe306e70) returned 0x3 [0168.110] WbemDefPath:IUnknown:Release (This=0xe306e70) returned 0x2 [0168.110] WbemDefPath:IWbemPath:SetText (This=0xe306e70, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3760\"") returned 0x0 [0168.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.110] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.110] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.110] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.110] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.111] IWbemClassObject:Get (in: This=0xe31c738, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c00af0*=0, plFlavor=0x6c00af4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x6c00af0*=8, plFlavor=0x6c00af4*=0) returned 0x0 [0168.111] SysStringByteLen (bstr="icq.exe") returned 0xe [0168.111] SysStringByteLen (bstr="icq.exe") returned 0xe [0168.111] IWbemClassObject:Get (in: This=0xe31c738, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c00af0*=8, plFlavor=0x6c00af4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x6c00af0*=8, plFlavor=0x6c00af4*=0) returned 0x0 [0168.111] SysStringByteLen (bstr="icq.exe") returned 0xe [0168.111] SysStringByteLen (bstr="icq.exe") returned 0xe [0168.111] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0168.111] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6be9388 | out: apObjects=0xc16468*=0xe31dbf0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.114] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31dbf0) returned 0x0 [0168.114] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.114] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.114] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.115] IUnknown:AddRef (This=0xe31dbf0) returned 0x3 [0168.115] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.115] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.115] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31dbf4) returned 0x0 [0168.115] IMarshal:GetUnmarshalClass (in: This=0xe31dbf4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.115] IUnknown:Release (This=0xe31dbf4) returned 0x3 [0168.116] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.116] IUnknown:Release (This=0xe31dbf0) returned 0x2 [0168.116] IUnknown:QueryInterface (in: This=0xe31dbf0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31dbf0) returned 0x0 [0168.116] IUnknown:AddRef (This=0xe31dbf0) returned 0x4 [0168.116] IUnknown:Release (This=0xe31dbf0) returned 0x3 [0168.116] IUnknown:Release (This=0xe31dbf0) returned 0x2 [0168.116] CoTaskMemFree (pv=0xc16468) [0168.116] IUnknown:AddRef (This=0xe31dbf0) returned 0x3 [0168.116] IWbemClassObject:Get (in: This=0xe31dbf0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.117] IWbemClassObject:Get (in: This=0xe31dbf0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.117] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x5e [0168.117] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x5e [0168.117] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.117] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.117] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.117] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.119] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163d8) returned 0x0 [0168.119] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.119] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306d90) returned 0x0 [0168.119] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0168.119] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306d90) returned 0x0 [0168.119] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.119] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.170] WbemDefPath:IUnknown:AddRef (This=0xe306d90) returned 0x3 [0168.170] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.170] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.170] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31ab50) returned 0x0 [0168.171] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31ab50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.171] WbemDefPath:IUnknown:Release (This=0xe31ab50) returned 0x3 [0168.171] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.171] WbemDefPath:IUnknown:Release (This=0xe306d90) returned 0x2 [0168.171] WbemDefPath:IUnknown:Release (This=0xe306d90) returned 0x1 [0168.171] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d90, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306d90) returned 0x0 [0168.171] WbemDefPath:IUnknown:AddRef (This=0xe306d90) returned 0x3 [0168.171] WbemDefPath:IUnknown:Release (This=0xe306d90) returned 0x2 [0168.171] WbemDefPath:IWbemPath:SetText (This=0xe306d90, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x0 [0168.171] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.172] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.172] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.172] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.172] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.172] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.172] IWbemClassObject:Get (in: This=0xe31dbf0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c01390*=0, plFlavor=0x6c01394*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x6c01390*=8, plFlavor=0x6c01394*=0) returned 0x0 [0168.172] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0168.172] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0168.172] IWbemClassObject:Get (in: This=0xe31dbf0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c01390*=8, plFlavor=0x6c01394*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x6c01390*=8, plFlavor=0x6c01394*=0) returned 0x0 [0168.173] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0168.173] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0168.173] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0168.173] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6be9388 | out: apObjects=0xc16408*=0xe31df20, puReturned=0x6be9388*=0x1) returned 0x0 [0168.174] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31df20) returned 0x0 [0168.174] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.174] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.174] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.175] IUnknown:AddRef (This=0xe31df20) returned 0x3 [0168.175] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.175] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.175] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31df24) returned 0x0 [0168.175] IMarshal:GetUnmarshalClass (in: This=0xe31df24, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.175] IUnknown:Release (This=0xe31df24) returned 0x3 [0168.176] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.176] IUnknown:Release (This=0xe31df20) returned 0x2 [0168.176] IUnknown:QueryInterface (in: This=0xe31df20, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31df20) returned 0x0 [0168.176] IUnknown:AddRef (This=0xe31df20) returned 0x4 [0168.176] IUnknown:Release (This=0xe31df20) returned 0x3 [0168.176] IUnknown:Release (This=0xe31df20) returned 0x2 [0168.176] CoTaskMemFree (pv=0xc16408) [0168.176] IUnknown:AddRef (This=0xe31df20) returned 0x3 [0168.176] IWbemClassObject:Get (in: This=0xe31df20, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.177] IWbemClassObject:Get (in: This=0xe31df20, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.177] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x5e [0168.177] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x5e [0168.177] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.177] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.177] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.177] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.178] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0168.179] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.179] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe306d20) returned 0x0 [0168.179] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0168.179] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe306d20) returned 0x0 [0168.179] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.179] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.180] WbemDefPath:IUnknown:AddRef (This=0xe306d20) returned 0x3 [0168.180] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.180] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.180] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe31ac88) returned 0x0 [0168.180] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31ac88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.180] WbemDefPath:IUnknown:Release (This=0xe31ac88) returned 0x3 [0168.180] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.180] WbemDefPath:IUnknown:Release (This=0xe306d20) returned 0x2 [0168.181] WbemDefPath:IUnknown:Release (This=0xe306d20) returned 0x1 [0168.181] WbemDefPath:IUnknown:QueryInterface (in: This=0xe306d20, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe306d20) returned 0x0 [0168.181] WbemDefPath:IUnknown:AddRef (This=0xe306d20) returned 0x3 [0168.181] WbemDefPath:IUnknown:Release (This=0xe306d20) returned 0x2 [0168.181] WbemDefPath:IWbemPath:SetText (This=0xe306d20, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x0 [0168.182] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.182] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.182] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.182] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.182] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.182] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.183] IWbemClassObject:Get (in: This=0xe31df20, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c01c48*=0, plFlavor=0x6c01c4c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x6c01c48*=8, plFlavor=0x6c01c4c*=0) returned 0x0 [0168.183] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0168.183] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0168.183] IWbemClassObject:Get (in: This=0xe31df20, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c01c48*=8, plFlavor=0x6c01c4c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x6c01c48*=8, plFlavor=0x6c01c4c*=0) returned 0x0 [0168.183] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0168.183] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0168.183] CoTaskMemAlloc (cb=0x4) returned 0xc16428 [0168.183] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16428, puReturned=0x6be9388 | out: apObjects=0xc16428*=0xe31d728, puReturned=0x6be9388*=0x1) returned 0x0 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31d728) returned 0x0 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.185] IUnknown:AddRef (This=0xe31d728) returned 0x3 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.185] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31d72c) returned 0x0 [0168.186] IMarshal:GetUnmarshalClass (in: This=0xe31d72c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.186] IUnknown:Release (This=0xe31d72c) returned 0x3 [0168.186] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.186] IUnknown:Release (This=0xe31d728) returned 0x2 [0168.186] IUnknown:QueryInterface (in: This=0xe31d728, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31d728) returned 0x0 [0168.186] IUnknown:AddRef (This=0xe31d728) returned 0x4 [0168.186] IUnknown:Release (This=0xe31d728) returned 0x3 [0168.186] IUnknown:Release (This=0xe31d728) returned 0x2 [0168.186] CoTaskMemFree (pv=0xc16428) [0168.187] IUnknown:AddRef (This=0xe31d728) returned 0x3 [0168.187] IWbemClassObject:Get (in: This=0xe31d728, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.187] IWbemClassObject:Get (in: This=0xe31d728, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3800\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.187] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3800\"") returned 0x5e [0168.187] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3800\"") returned 0x5e [0168.187] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.187] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.188] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.188] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.190] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16408) returned 0x0 [0168.190] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16408, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.190] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16408, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322ea8) returned 0x0 [0168.190] WbemDefPath:IUnknown:Release (This=0xc16408) returned 0x0 [0168.190] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322ea8) returned 0x0 [0168.191] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.191] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.191] WbemDefPath:IUnknown:AddRef (This=0xe322ea8) returned 0x3 [0168.191] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.191] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.191] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3217b0) returned 0x0 [0168.191] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3217b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.191] WbemDefPath:IUnknown:Release (This=0xe3217b0) returned 0x3 [0168.192] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.192] WbemDefPath:IUnknown:Release (This=0xe322ea8) returned 0x2 [0168.192] WbemDefPath:IUnknown:Release (This=0xe322ea8) returned 0x1 [0168.192] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ea8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322ea8) returned 0x0 [0168.192] WbemDefPath:IUnknown:AddRef (This=0xe322ea8) returned 0x3 [0168.192] WbemDefPath:IUnknown:Release (This=0xe322ea8) returned 0x2 [0168.192] WbemDefPath:IWbemPath:SetText (This=0xe322ea8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3800\"") returned 0x0 [0168.192] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.192] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.192] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.193] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.193] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.193] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.193] IWbemClassObject:Get (in: This=0xe31d728, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c024f0*=0, plFlavor=0x6c024f4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x6c024f0*=8, plFlavor=0x6c024f4*=0) returned 0x0 [0168.193] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0168.193] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0168.193] IWbemClassObject:Get (in: This=0xe31d728, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c024f0*=8, plFlavor=0x6c024f4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x6c024f0*=8, plFlavor=0x6c024f4*=0) returned 0x0 [0168.193] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0168.193] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0168.194] CoTaskMemAlloc (cb=0x4) returned 0xc16458 [0168.194] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16458, puReturned=0x6be9388 | out: apObjects=0xc16458*=0xe31dd88, puReturned=0x6be9388*=0x1) returned 0x0 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31dd88) returned 0x0 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.240] IUnknown:AddRef (This=0xe31dd88) returned 0x3 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.240] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31dd8c) returned 0x0 [0168.241] IMarshal:GetUnmarshalClass (in: This=0xe31dd8c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.241] IUnknown:Release (This=0xe31dd8c) returned 0x3 [0168.241] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.241] IUnknown:Release (This=0xe31dd88) returned 0x2 [0168.241] IUnknown:QueryInterface (in: This=0xe31dd88, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31dd88) returned 0x0 [0168.241] IUnknown:AddRef (This=0xe31dd88) returned 0x4 [0168.241] IUnknown:Release (This=0xe31dd88) returned 0x3 [0168.241] IUnknown:Release (This=0xe31dd88) returned 0x2 [0168.241] CoTaskMemFree (pv=0xc16458) [0168.241] IUnknown:AddRef (This=0xe31dd88) returned 0x3 [0168.241] IWbemClassObject:Get (in: This=0xe31dd88, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.242] IWbemClassObject:Get (in: This=0xe31dd88, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3808\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.242] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x5e [0168.242] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x5e [0168.242] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.242] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.242] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.242] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.243] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16528) returned 0x0 [0168.243] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16528, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.243] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16528, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322c08) returned 0x0 [0168.244] WbemDefPath:IUnknown:Release (This=0xc16528) returned 0x0 [0168.244] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322c08) returned 0x0 [0168.244] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.244] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.244] WbemDefPath:IUnknown:AddRef (This=0xe322c08) returned 0x3 [0168.244] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.244] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.244] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3215e8) returned 0x0 [0168.244] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3215e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.245] WbemDefPath:IUnknown:Release (This=0xe3215e8) returned 0x3 [0168.245] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.245] WbemDefPath:IUnknown:Release (This=0xe322c08) returned 0x2 [0168.245] WbemDefPath:IUnknown:Release (This=0xe322c08) returned 0x1 [0168.245] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c08, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322c08) returned 0x0 [0168.245] WbemDefPath:IUnknown:AddRef (This=0xe322c08) returned 0x3 [0168.245] WbemDefPath:IUnknown:Release (This=0xe322c08) returned 0x2 [0168.245] WbemDefPath:IWbemPath:SetText (This=0xe322c08, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x0 [0168.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.246] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.246] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.246] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.246] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.246] IWbemClassObject:Get (in: This=0xe31dd88, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c02da0*=0, plFlavor=0x6c02da4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x6c02da0*=8, plFlavor=0x6c02da4*=0) returned 0x0 [0168.246] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0168.246] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0168.246] IWbemClassObject:Get (in: This=0xe31dd88, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c02da0*=8, plFlavor=0x6c02da4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x6c02da0*=8, plFlavor=0x6c02da4*=0) returned 0x0 [0168.246] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0168.246] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0168.247] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0168.247] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xe31da58, puReturned=0x6be9388*=0x1) returned 0x0 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31da58) returned 0x0 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.248] IUnknown:AddRef (This=0xe31da58) returned 0x3 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.248] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31da5c) returned 0x0 [0168.248] IMarshal:GetUnmarshalClass (in: This=0xe31da5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.249] IUnknown:Release (This=0xe31da5c) returned 0x3 [0168.249] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.249] IUnknown:Release (This=0xe31da58) returned 0x2 [0168.249] IUnknown:QueryInterface (in: This=0xe31da58, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31da58) returned 0x0 [0168.249] IUnknown:AddRef (This=0xe31da58) returned 0x4 [0168.249] IUnknown:Release (This=0xe31da58) returned 0x3 [0168.249] IUnknown:Release (This=0xe31da58) returned 0x2 [0168.249] CoTaskMemFree (pv=0xc164f8) [0168.249] IUnknown:AddRef (This=0xe31da58) returned 0x3 [0168.249] IWbemClassObject:Get (in: This=0xe31da58, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.250] IWbemClassObject:Get (in: This=0xe31da58, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3820\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.250] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3820\"") returned 0x5e [0168.250] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3820\"") returned 0x5e [0168.250] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.250] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.250] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.250] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.251] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16508) returned 0x0 [0168.251] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16508, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.252] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16508, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322d58) returned 0x0 [0168.252] WbemDefPath:IUnknown:Release (This=0xc16508) returned 0x0 [0168.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322d58) returned 0x0 [0168.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.252] WbemDefPath:IUnknown:AddRef (This=0xe322d58) returned 0x3 [0168.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.252] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321918) returned 0x0 [0168.253] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321918, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.253] WbemDefPath:IUnknown:Release (This=0xe321918) returned 0x3 [0168.253] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.253] WbemDefPath:IUnknown:Release (This=0xe322d58) returned 0x2 [0168.253] WbemDefPath:IUnknown:Release (This=0xe322d58) returned 0x1 [0168.253] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322d58, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322d58) returned 0x0 [0168.253] WbemDefPath:IUnknown:AddRef (This=0xe322d58) returned 0x3 [0168.253] WbemDefPath:IUnknown:Release (This=0xe322d58) returned 0x2 [0168.253] WbemDefPath:IWbemPath:SetText (This=0xe322d58, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3820\"") returned 0x0 [0168.254] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.254] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.254] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.254] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.254] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.254] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.254] IWbemClassObject:Get (in: This=0xe31da58, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03658*=0, plFlavor=0x6c0365c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x6c03658*=8, plFlavor=0x6c0365c*=0) returned 0x0 [0168.254] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0168.254] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0168.254] IWbemClassObject:Get (in: This=0xe31da58, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03658*=8, plFlavor=0x6c0365c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x6c03658*=8, plFlavor=0x6c0365c*=0) returned 0x0 [0168.254] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0168.254] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0168.254] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0168.255] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6be9388 | out: apObjects=0xc16408*=0xe31e0b8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31e0b8) returned 0x0 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.256] IUnknown:AddRef (This=0xe31e0b8) returned 0x3 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.256] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31e0bc) returned 0x0 [0168.256] IMarshal:GetUnmarshalClass (in: This=0xe31e0bc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.256] IUnknown:Release (This=0xe31e0bc) returned 0x3 [0168.257] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.257] IUnknown:Release (This=0xe31e0b8) returned 0x2 [0168.257] IUnknown:QueryInterface (in: This=0xe31e0b8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31e0b8) returned 0x0 [0168.257] IUnknown:AddRef (This=0xe31e0b8) returned 0x4 [0168.257] IUnknown:Release (This=0xe31e0b8) returned 0x3 [0168.257] IUnknown:Release (This=0xe31e0b8) returned 0x2 [0168.257] CoTaskMemFree (pv=0xc16408) [0168.257] IUnknown:AddRef (This=0xe31e0b8) returned 0x3 [0168.257] IWbemClassObject:Get (in: This=0xe31e0b8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.257] IWbemClassObject:Get (in: This=0xe31e0b8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3828\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.258] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3828\"") returned 0x5e [0168.258] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3828\"") returned 0x5e [0168.258] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.258] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.258] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.258] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.259] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0168.259] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.259] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322578) returned 0x0 [0168.259] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0168.259] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322578) returned 0x0 [0168.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.260] WbemDefPath:IUnknown:AddRef (This=0xe322578) returned 0x3 [0168.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.260] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321a38) returned 0x0 [0168.261] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321a38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.261] WbemDefPath:IUnknown:Release (This=0xe321a38) returned 0x3 [0168.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.261] WbemDefPath:IUnknown:Release (This=0xe322578) returned 0x2 [0168.261] WbemDefPath:IUnknown:Release (This=0xe322578) returned 0x1 [0168.261] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322578, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322578) returned 0x0 [0168.261] WbemDefPath:IUnknown:AddRef (This=0xe322578) returned 0x3 [0168.261] WbemDefPath:IUnknown:Release (This=0xe322578) returned 0x2 [0168.261] WbemDefPath:IWbemPath:SetText (This=0xe322578, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3828\"") returned 0x0 [0168.261] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.261] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.262] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.262] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.262] IWbemClassObject:Get (in: This=0xe31e0b8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03f08*=0, plFlavor=0x6c03f0c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x6c03f08*=8, plFlavor=0x6c03f0c*=0) returned 0x0 [0168.262] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0168.262] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0168.262] IWbemClassObject:Get (in: This=0xe31e0b8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03f08*=8, plFlavor=0x6c03f0c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x6c03f08*=8, plFlavor=0x6c03f0c*=0) returned 0x0 [0168.262] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0168.263] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0168.263] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0168.263] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xe31d260, puReturned=0x6be9388*=0x1) returned 0x0 [0168.264] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31d260) returned 0x0 [0168.265] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.265] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.265] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.265] IUnknown:AddRef (This=0xe31d260) returned 0x3 [0168.265] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.265] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.265] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31d264) returned 0x0 [0168.265] IMarshal:GetUnmarshalClass (in: This=0xe31d264, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.265] IUnknown:Release (This=0xe31d264) returned 0x3 [0168.266] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.266] IUnknown:Release (This=0xe31d260) returned 0x2 [0168.266] IUnknown:QueryInterface (in: This=0xe31d260, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31d260) returned 0x0 [0168.266] IUnknown:AddRef (This=0xe31d260) returned 0x4 [0168.266] IUnknown:Release (This=0xe31d260) returned 0x3 [0168.266] IUnknown:Release (This=0xe31d260) returned 0x2 [0168.266] CoTaskMemFree (pv=0xc164f8) [0168.266] IUnknown:AddRef (This=0xe31d260) returned 0x3 [0168.266] IWbemClassObject:Get (in: This=0xe31d260, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.267] IWbemClassObject:Get (in: This=0xe31d260, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3844\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.267] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3844\"") returned 0x5e [0168.267] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3844\"") returned 0x5e [0168.267] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.267] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.267] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.267] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.268] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16458) returned 0x0 [0168.268] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16458, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.269] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16458, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3227a8) returned 0x0 [0168.269] WbemDefPath:IUnknown:Release (This=0xc16458) returned 0x0 [0168.269] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3227a8) returned 0x0 [0168.269] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.269] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.269] WbemDefPath:IUnknown:AddRef (This=0xe3227a8) returned 0x3 [0168.269] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.269] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.270] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321bd0) returned 0x0 [0168.270] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321bd0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.270] WbemDefPath:IUnknown:Release (This=0xe321bd0) returned 0x3 [0168.270] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.270] WbemDefPath:IUnknown:Release (This=0xe3227a8) returned 0x2 [0168.270] WbemDefPath:IUnknown:Release (This=0xe3227a8) returned 0x1 [0168.270] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3227a8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3227a8) returned 0x0 [0168.270] WbemDefPath:IUnknown:AddRef (This=0xe3227a8) returned 0x3 [0168.270] WbemDefPath:IUnknown:Release (This=0xe3227a8) returned 0x2 [0168.270] WbemDefPath:IWbemPath:SetText (This=0xe3227a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3844\"") returned 0x0 [0168.270] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.270] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.271] IWbemClassObject:Get (in: This=0xe31d260, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c047b8*=0, plFlavor=0x6c047bc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x6c047b8*=8, plFlavor=0x6c047bc*=0) returned 0x0 [0168.271] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0168.271] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0168.271] IWbemClassObject:Get (in: This=0xe31d260, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c047b8*=8, plFlavor=0x6c047bc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x6c047b8*=8, plFlavor=0x6c047bc*=0) returned 0x0 [0168.271] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0168.271] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0168.271] CoTaskMemAlloc (cb=0x4) returned 0xc16578 [0168.271] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16578, puReturned=0x6be9388 | out: apObjects=0xc16578*=0xe31c8d0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.315] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31c8d0) returned 0x0 [0168.315] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.315] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.315] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.316] IUnknown:AddRef (This=0xe31c8d0) returned 0x3 [0168.316] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.316] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.316] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31c8d4) returned 0x0 [0168.316] IMarshal:GetUnmarshalClass (in: This=0xe31c8d4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.316] IUnknown:Release (This=0xe31c8d4) returned 0x3 [0168.316] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.316] IUnknown:Release (This=0xe31c8d0) returned 0x2 [0168.316] IUnknown:QueryInterface (in: This=0xe31c8d0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31c8d0) returned 0x0 [0168.316] IUnknown:AddRef (This=0xe31c8d0) returned 0x4 [0168.317] IUnknown:Release (This=0xe31c8d0) returned 0x3 [0168.317] IUnknown:Release (This=0xe31c8d0) returned 0x2 [0168.317] CoTaskMemFree (pv=0xc16578) [0168.317] IUnknown:AddRef (This=0xe31c8d0) returned 0x3 [0168.317] IWbemClassObject:Get (in: This=0xe31c8d0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.317] IWbemClassObject:Get (in: This=0xe31c8d0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.317] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x5e [0168.317] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x5e [0168.317] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.318] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.318] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.318] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.319] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164c8) returned 0x0 [0168.319] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.319] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322498) returned 0x0 [0168.319] WbemDefPath:IUnknown:Release (This=0xc164c8) returned 0x0 [0168.319] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322498) returned 0x0 [0168.319] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.319] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.320] WbemDefPath:IUnknown:AddRef (This=0xe322498) returned 0x3 [0168.320] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.320] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.320] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321fd8) returned 0x0 [0168.320] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321fd8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.320] WbemDefPath:IUnknown:Release (This=0xe321fd8) returned 0x3 [0168.320] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.321] WbemDefPath:IUnknown:Release (This=0xe322498) returned 0x2 [0168.321] WbemDefPath:IUnknown:Release (This=0xe322498) returned 0x1 [0168.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322498, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322498) returned 0x0 [0168.321] WbemDefPath:IUnknown:AddRef (This=0xe322498) returned 0x3 [0168.321] WbemDefPath:IUnknown:Release (This=0xe322498) returned 0x2 [0168.321] WbemDefPath:IWbemPath:SetText (This=0xe322498, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x0 [0168.321] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.321] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.321] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.321] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.321] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.321] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.322] IWbemClassObject:Get (in: This=0xe31c8d0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c05070*=0, plFlavor=0x6c05074*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x6c05070*=8, plFlavor=0x6c05074*=0) returned 0x0 [0168.322] SysStringByteLen (bstr="skype.exe") returned 0x12 [0168.322] SysStringByteLen (bstr="skype.exe") returned 0x12 [0168.322] IWbemClassObject:Get (in: This=0xe31c8d0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c05070*=8, plFlavor=0x6c05074*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x6c05070*=8, plFlavor=0x6c05074*=0) returned 0x0 [0168.322] SysStringByteLen (bstr="skype.exe") returned 0x12 [0168.322] SysStringByteLen (bstr="skype.exe") returned 0x12 [0168.322] CoTaskMemAlloc (cb=0x4) returned 0xc16428 [0168.323] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16428, puReturned=0x6be9388 | out: apObjects=0xc16428*=0xe31e250, puReturned=0x6be9388*=0x1) returned 0x0 [0168.324] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31e250) returned 0x0 [0168.324] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.324] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.324] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.325] IUnknown:AddRef (This=0xe31e250) returned 0x3 [0168.325] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.325] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.325] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31e254) returned 0x0 [0168.325] IMarshal:GetUnmarshalClass (in: This=0xe31e254, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.325] IUnknown:Release (This=0xe31e254) returned 0x3 [0168.326] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.326] IUnknown:Release (This=0xe31e250) returned 0x2 [0168.326] IUnknown:QueryInterface (in: This=0xe31e250, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31e250) returned 0x0 [0168.326] IUnknown:AddRef (This=0xe31e250) returned 0x4 [0168.326] IUnknown:Release (This=0xe31e250) returned 0x3 [0168.326] IUnknown:Release (This=0xe31e250) returned 0x2 [0168.326] CoTaskMemFree (pv=0xc16428) [0168.327] IUnknown:AddRef (This=0xe31e250) returned 0x3 [0168.327] IWbemClassObject:Get (in: This=0xe31e250, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.327] IWbemClassObject:Get (in: This=0xe31e250, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3868\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.327] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x5e [0168.327] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x5e [0168.327] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.327] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.328] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.328] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.329] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16528) returned 0x0 [0168.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16528, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.329] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16528, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322658) returned 0x0 [0168.329] WbemDefPath:IUnknown:Release (This=0xc16528) returned 0x0 [0168.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322658) returned 0x0 [0168.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.330] WbemDefPath:IUnknown:AddRef (This=0xe322658) returned 0x3 [0168.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.330] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321ee8) returned 0x0 [0168.331] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321ee8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.331] WbemDefPath:IUnknown:Release (This=0xe321ee8) returned 0x3 [0168.331] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.331] WbemDefPath:IUnknown:Release (This=0xe322658) returned 0x2 [0168.331] WbemDefPath:IUnknown:Release (This=0xe322658) returned 0x1 [0168.331] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322658, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322658) returned 0x0 [0168.331] WbemDefPath:IUnknown:AddRef (This=0xe322658) returned 0x3 [0168.331] WbemDefPath:IUnknown:Release (This=0xe322658) returned 0x2 [0168.332] WbemDefPath:IWbemPath:SetText (This=0xe322658, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x0 [0168.332] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.332] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.332] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.332] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.332] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.332] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.332] IWbemClassObject:Get (in: This=0xe31e250, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c05918*=0, plFlavor=0x6c0591c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x6c05918*=8, plFlavor=0x6c0591c*=0) returned 0x0 [0168.332] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0168.333] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0168.333] IWbemClassObject:Get (in: This=0xe31e250, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c05918*=8, plFlavor=0x6c0591c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x6c05918*=8, plFlavor=0x6c0591c*=0) returned 0x0 [0168.333] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0168.333] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0168.333] CoTaskMemAlloc (cb=0x4) returned 0xc163f8 [0168.333] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163f8, puReturned=0x6be9388 | out: apObjects=0xc163f8*=0xe31d3f8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.335] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31d3f8) returned 0x0 [0168.335] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.335] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.335] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.335] IUnknown:AddRef (This=0xe31d3f8) returned 0x3 [0168.335] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.335] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.336] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31d3fc) returned 0x0 [0168.336] IMarshal:GetUnmarshalClass (in: This=0xe31d3fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.336] IUnknown:Release (This=0xe31d3fc) returned 0x3 [0168.336] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.336] IUnknown:Release (This=0xe31d3f8) returned 0x2 [0168.336] IUnknown:QueryInterface (in: This=0xe31d3f8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31d3f8) returned 0x0 [0168.336] IUnknown:AddRef (This=0xe31d3f8) returned 0x4 [0168.336] IUnknown:Release (This=0xe31d3f8) returned 0x3 [0168.336] IUnknown:Release (This=0xe31d3f8) returned 0x2 [0168.336] CoTaskMemFree (pv=0xc163f8) [0168.337] IUnknown:AddRef (This=0xe31d3f8) returned 0x3 [0168.337] IWbemClassObject:Get (in: This=0xe31d3f8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.337] IWbemClassObject:Get (in: This=0xe31d3f8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3876\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.337] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3876\"") returned 0x5e [0168.337] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3876\"") returned 0x5e [0168.337] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.338] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.338] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.338] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.341] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16448) returned 0x0 [0168.341] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.341] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322428) returned 0x0 [0168.341] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0168.341] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322428) returned 0x0 [0168.341] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.341] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.342] WbemDefPath:IUnknown:AddRef (This=0xe322428) returned 0x3 [0168.342] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.342] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.342] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3222c0) returned 0x0 [0168.342] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3222c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.342] WbemDefPath:IUnknown:Release (This=0xe3222c0) returned 0x3 [0168.343] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.343] WbemDefPath:IUnknown:Release (This=0xe322428) returned 0x2 [0168.343] WbemDefPath:IUnknown:Release (This=0xe322428) returned 0x1 [0168.343] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322428, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322428) returned 0x0 [0168.343] WbemDefPath:IUnknown:AddRef (This=0xe322428) returned 0x3 [0168.343] WbemDefPath:IUnknown:Release (This=0xe322428) returned 0x2 [0168.343] WbemDefPath:IWbemPath:SetText (This=0xe322428, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3876\"") returned 0x0 [0168.343] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.343] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.344] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.344] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.344] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.344] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.344] IWbemClassObject:Get (in: This=0xe31d3f8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c061d0*=0, plFlavor=0x6c061d4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x6c061d0*=8, plFlavor=0x6c061d4*=0) returned 0x0 [0168.344] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0168.345] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0168.345] IWbemClassObject:Get (in: This=0xe31d3f8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c061d0*=8, plFlavor=0x6c061d4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x6c061d0*=8, plFlavor=0x6c061d4*=0) returned 0x0 [0168.345] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0168.345] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0168.345] CoTaskMemAlloc (cb=0x4) returned 0xc16578 [0168.345] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16578, puReturned=0x6be9388 | out: apObjects=0xc16578*=0xe31d590, puReturned=0x6be9388*=0x1) returned 0x0 [0168.347] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31d590) returned 0x0 [0168.347] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.347] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.347] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.348] IUnknown:AddRef (This=0xe31d590) returned 0x3 [0168.348] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.348] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.348] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31d594) returned 0x0 [0168.348] IMarshal:GetUnmarshalClass (in: This=0xe31d594, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.348] IUnknown:Release (This=0xe31d594) returned 0x3 [0168.348] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.348] IUnknown:Release (This=0xe31d590) returned 0x2 [0168.349] IUnknown:QueryInterface (in: This=0xe31d590, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31d590) returned 0x0 [0168.349] IUnknown:AddRef (This=0xe31d590) returned 0x4 [0168.349] IUnknown:Release (This=0xe31d590) returned 0x3 [0168.349] IUnknown:Release (This=0xe31d590) returned 0x2 [0168.349] CoTaskMemFree (pv=0xc16578) [0168.349] IUnknown:AddRef (This=0xe31d590) returned 0x3 [0168.349] IWbemClassObject:Get (in: This=0xe31d590, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.349] IWbemClassObject:Get (in: This=0xe31d590, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3900\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.349] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3900\"") returned 0x5e [0168.350] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3900\"") returned 0x5e [0168.350] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.350] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.350] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.350] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.351] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16508) returned 0x0 [0168.351] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16508, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.351] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16508, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322508) returned 0x0 [0168.351] WbemDefPath:IUnknown:Release (This=0xc16508) returned 0x0 [0168.351] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322508) returned 0x0 [0168.351] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.352] WbemDefPath:IUnknown:AddRef (This=0xe322508) returned 0x3 [0168.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3203e8) returned 0x0 [0168.352] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3203e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.352] WbemDefPath:IUnknown:Release (This=0xe3203e8) returned 0x3 [0168.352] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.352] WbemDefPath:IUnknown:Release (This=0xe322508) returned 0x2 [0168.353] WbemDefPath:IUnknown:Release (This=0xe322508) returned 0x1 [0168.353] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322508, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322508) returned 0x0 [0168.353] WbemDefPath:IUnknown:AddRef (This=0xe322508) returned 0x3 [0168.353] WbemDefPath:IUnknown:Release (This=0xe322508) returned 0x2 [0168.353] WbemDefPath:IWbemPath:SetText (This=0xe322508, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3900\"") returned 0x0 [0168.353] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.353] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.353] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.353] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.353] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.353] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.353] IWbemClassObject:Get (in: This=0xe31d590, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c06a90*=0, plFlavor=0x6c06a94*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x6c06a90*=8, plFlavor=0x6c06a94*=0) returned 0x0 [0168.353] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0168.353] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0168.354] IWbemClassObject:Get (in: This=0xe31d590, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c06a90*=8, plFlavor=0x6c06a94*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x6c06a90*=8, plFlavor=0x6c06a94*=0) returned 0x0 [0168.354] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0168.354] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0168.354] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0168.402] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6be9388 | out: apObjects=0xc164f8*=0xe31cd98, puReturned=0x6be9388*=0x1) returned 0x0 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31cd98) returned 0x0 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.404] IUnknown:AddRef (This=0xe31cd98) returned 0x3 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.404] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31cd9c) returned 0x0 [0168.405] IMarshal:GetUnmarshalClass (in: This=0xe31cd9c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.405] IUnknown:Release (This=0xe31cd9c) returned 0x3 [0168.405] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.405] IUnknown:Release (This=0xe31cd98) returned 0x2 [0168.405] IUnknown:QueryInterface (in: This=0xe31cd98, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31cd98) returned 0x0 [0168.405] IUnknown:AddRef (This=0xe31cd98) returned 0x4 [0168.405] IUnknown:Release (This=0xe31cd98) returned 0x3 [0168.405] IUnknown:Release (This=0xe31cd98) returned 0x2 [0168.405] CoTaskMemFree (pv=0xc164f8) [0168.405] IUnknown:AddRef (This=0xe31cd98) returned 0x3 [0168.406] IWbemClassObject:Get (in: This=0xe31cd98, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.406] IWbemClassObject:Get (in: This=0xe31cd98, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3908\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.406] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3908\"") returned 0x5e [0168.406] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3908\"") returned 0x5e [0168.406] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.406] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.406] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.406] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.409] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16418) returned 0x0 [0168.410] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.410] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16418, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322a48) returned 0x0 [0168.410] WbemDefPath:IUnknown:Release (This=0xc16418) returned 0x0 [0168.410] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322a48) returned 0x0 [0168.410] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.410] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.410] WbemDefPath:IUnknown:AddRef (This=0xe322a48) returned 0x3 [0168.411] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.411] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.411] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe320598) returned 0x0 [0168.411] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320598, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.411] WbemDefPath:IUnknown:Release (This=0xe320598) returned 0x3 [0168.411] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.411] WbemDefPath:IUnknown:Release (This=0xe322a48) returned 0x2 [0168.411] WbemDefPath:IUnknown:Release (This=0xe322a48) returned 0x1 [0168.412] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322a48, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322a48) returned 0x0 [0168.412] WbemDefPath:IUnknown:AddRef (This=0xe322a48) returned 0x3 [0168.412] WbemDefPath:IUnknown:Release (This=0xe322a48) returned 0x2 [0168.412] WbemDefPath:IWbemPath:SetText (This=0xe322a48, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3908\"") returned 0x0 [0168.413] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.413] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.413] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.413] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.413] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.413] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.413] IWbemClassObject:Get (in: This=0xe31cd98, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c07348*=0, plFlavor=0x6c0734c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x6c07348*=8, plFlavor=0x6c0734c*=0) returned 0x0 [0168.413] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0168.413] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0168.414] IWbemClassObject:Get (in: This=0xe31cd98, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c07348*=8, plFlavor=0x6c0734c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x6c07348*=8, plFlavor=0x6c0734c*=0) returned 0x0 [0168.414] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0168.414] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0168.414] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0168.414] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe31d8c0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.415] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31d8c0) returned 0x0 [0168.415] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.415] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.415] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.416] IUnknown:AddRef (This=0xe31d8c0) returned 0x3 [0168.416] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.416] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.416] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31d8c4) returned 0x0 [0168.416] IMarshal:GetUnmarshalClass (in: This=0xe31d8c4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.416] IUnknown:Release (This=0xe31d8c4) returned 0x3 [0168.416] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.416] IUnknown:Release (This=0xe31d8c0) returned 0x2 [0168.418] IUnknown:QueryInterface (in: This=0xe31d8c0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31d8c0) returned 0x0 [0168.418] IUnknown:AddRef (This=0xe31d8c0) returned 0x4 [0168.418] IUnknown:Release (This=0xe31d8c0) returned 0x3 [0168.418] IUnknown:Release (This=0xe31d8c0) returned 0x2 [0168.418] CoTaskMemFree (pv=0xc163b8) [0168.418] IUnknown:AddRef (This=0xe31d8c0) returned 0x3 [0168.418] IWbemClassObject:Get (in: This=0xe31d8c0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.418] IWbemClassObject:Get (in: This=0xe31d8c0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3920\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.419] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3920\"") returned 0x5e [0168.419] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3920\"") returned 0x5e [0168.419] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.419] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.419] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.419] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.420] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16418) returned 0x0 [0168.420] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.420] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16418, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322968) returned 0x0 [0168.420] WbemDefPath:IUnknown:Release (This=0xc16418) returned 0x0 [0168.421] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322968) returned 0x0 [0168.421] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.421] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.421] WbemDefPath:IUnknown:AddRef (This=0xe322968) returned 0x3 [0168.421] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.421] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.421] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3207a8) returned 0x0 [0168.421] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3207a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.421] WbemDefPath:IUnknown:Release (This=0xe3207a8) returned 0x3 [0168.422] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.422] WbemDefPath:IUnknown:Release (This=0xe322968) returned 0x2 [0168.422] WbemDefPath:IUnknown:Release (This=0xe322968) returned 0x1 [0168.422] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322968, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322968) returned 0x0 [0168.422] WbemDefPath:IUnknown:AddRef (This=0xe322968) returned 0x3 [0168.422] WbemDefPath:IUnknown:Release (This=0xe322968) returned 0x2 [0168.422] WbemDefPath:IWbemPath:SetText (This=0xe322968, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3920\"") returned 0x0 [0168.422] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.422] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.422] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.422] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.422] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.423] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.423] IWbemClassObject:Get (in: This=0xe31d8c0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c07c00*=0, plFlavor=0x6c07c04*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x6c07c00*=8, plFlavor=0x6c07c04*=0) returned 0x0 [0168.423] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0168.423] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0168.423] IWbemClassObject:Get (in: This=0xe31d8c0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c07c00*=8, plFlavor=0x6c07c04*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x6c07c00*=8, plFlavor=0x6c07c04*=0) returned 0x0 [0168.423] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0168.423] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0168.423] CoTaskMemAlloc (cb=0x4) returned 0xc164e8 [0168.423] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164e8, puReturned=0x6be9388 | out: apObjects=0xc164e8*=0xe31e3e8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.424] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31e3e8) returned 0x0 [0168.424] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.424] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.425] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.425] IUnknown:AddRef (This=0xe31e3e8) returned 0x3 [0168.425] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.425] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.425] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31e3ec) returned 0x0 [0168.425] IMarshal:GetUnmarshalClass (in: This=0xe31e3ec, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.425] IUnknown:Release (This=0xe31e3ec) returned 0x3 [0168.425] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.426] IUnknown:Release (This=0xe31e3e8) returned 0x2 [0168.426] IUnknown:QueryInterface (in: This=0xe31e3e8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31e3e8) returned 0x0 [0168.426] IUnknown:AddRef (This=0xe31e3e8) returned 0x4 [0168.426] IUnknown:Release (This=0xe31e3e8) returned 0x3 [0168.426] IUnknown:Release (This=0xe31e3e8) returned 0x2 [0168.426] CoTaskMemFree (pv=0xc164e8) [0168.426] IUnknown:AddRef (This=0xe31e3e8) returned 0x3 [0168.426] IWbemClassObject:Get (in: This=0xe31e3e8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.426] IWbemClassObject:Get (in: This=0xe31e3e8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3928\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.426] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3928\"") returned 0x5e [0168.426] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3928\"") returned 0x5e [0168.427] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.427] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.427] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.427] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.428] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16548) returned 0x0 [0168.428] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16548, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.428] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16548, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322dc8) returned 0x0 [0168.428] WbemDefPath:IUnknown:Release (This=0xc16548) returned 0x0 [0168.428] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322dc8) returned 0x0 [0168.429] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.429] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.429] WbemDefPath:IUnknown:AddRef (This=0xe322dc8) returned 0x3 [0168.429] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.429] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.429] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3208b0) returned 0x0 [0168.429] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3208b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.429] WbemDefPath:IUnknown:Release (This=0xe3208b0) returned 0x3 [0168.430] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.430] WbemDefPath:IUnknown:Release (This=0xe322dc8) returned 0x2 [0168.430] WbemDefPath:IUnknown:Release (This=0xe322dc8) returned 0x1 [0168.430] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322dc8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322dc8) returned 0x0 [0168.430] WbemDefPath:IUnknown:AddRef (This=0xe322dc8) returned 0x3 [0168.430] WbemDefPath:IUnknown:Release (This=0xe322dc8) returned 0x2 [0168.430] WbemDefPath:IWbemPath:SetText (This=0xe322dc8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3928\"") returned 0x0 [0168.430] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.430] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.430] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.430] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.431] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.431] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.431] IWbemClassObject:Get (in: This=0xe31e3e8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c084b8*=0, plFlavor=0x6c084bc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x6c084b8*=8, plFlavor=0x6c084bc*=0) returned 0x0 [0168.431] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0168.431] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0168.431] IWbemClassObject:Get (in: This=0xe31e3e8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c084b8*=8, plFlavor=0x6c084bc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x6c084b8*=8, plFlavor=0x6c084bc*=0) returned 0x0 [0168.431] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0168.431] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0168.431] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0168.431] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6be9388 | out: apObjects=0xc163d8*=0xe31cc00, puReturned=0x6be9388*=0x1) returned 0x0 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31cc00) returned 0x0 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.433] IUnknown:AddRef (This=0xe31cc00) returned 0x3 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.433] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31cc04) returned 0x0 [0168.434] IMarshal:GetUnmarshalClass (in: This=0xe31cc04, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.434] IUnknown:Release (This=0xe31cc04) returned 0x3 [0168.434] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.434] IUnknown:Release (This=0xe31cc00) returned 0x2 [0168.434] IUnknown:QueryInterface (in: This=0xe31cc00, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31cc00) returned 0x0 [0168.434] IUnknown:AddRef (This=0xe31cc00) returned 0x4 [0168.434] IUnknown:Release (This=0xe31cc00) returned 0x3 [0168.434] IUnknown:Release (This=0xe31cc00) returned 0x2 [0168.434] CoTaskMemFree (pv=0xc163d8) [0168.434] IUnknown:AddRef (This=0xe31cc00) returned 0x3 [0168.434] IWbemClassObject:Get (in: This=0xe31cc00, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.435] IWbemClassObject:Get (in: This=0xe31cc00, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3948\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.435] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3948\"") returned 0x5e [0168.435] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3948\"") returned 0x5e [0168.435] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.435] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.435] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.435] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.436] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16488) returned 0x0 [0168.436] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16488, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.437] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16488, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322738) returned 0x0 [0168.437] WbemDefPath:IUnknown:Release (This=0xc16488) returned 0x0 [0168.437] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322738) returned 0x0 [0168.437] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.437] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.437] WbemDefPath:IUnknown:AddRef (This=0xe322738) returned 0x3 [0168.437] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.437] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.437] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe320c58) returned 0x0 [0168.437] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320c58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.438] WbemDefPath:IUnknown:Release (This=0xe320c58) returned 0x3 [0168.438] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.438] WbemDefPath:IUnknown:Release (This=0xe322738) returned 0x2 [0168.438] WbemDefPath:IUnknown:Release (This=0xe322738) returned 0x1 [0168.438] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322738, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322738) returned 0x0 [0168.438] WbemDefPath:IUnknown:AddRef (This=0xe322738) returned 0x3 [0168.438] WbemDefPath:IUnknown:Release (This=0xe322738) returned 0x2 [0168.438] WbemDefPath:IWbemPath:SetText (This=0xe322738, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3948\"") returned 0x0 [0168.438] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.438] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.438] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.439] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.439] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.439] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.439] IWbemClassObject:Get (in: This=0xe31cc00, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c08d68*=0, plFlavor=0x6c08d6c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x6c08d68*=8, plFlavor=0x6c08d6c*=0) returned 0x0 [0168.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0168.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0168.439] IWbemClassObject:Get (in: This=0xe31cc00, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c08d68*=8, plFlavor=0x6c08d6c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x6c08d68*=8, plFlavor=0x6c08d6c*=0) returned 0x0 [0168.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0168.439] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0168.439] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0168.439] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6be9388 | out: apObjects=0xc16518*=0xe31cf30, puReturned=0x6be9388*=0x1) returned 0x0 [0168.480] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31cf30) returned 0x0 [0168.481] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.481] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.481] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.481] IUnknown:AddRef (This=0xe31cf30) returned 0x3 [0168.481] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.481] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.481] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31cf34) returned 0x0 [0168.481] IMarshal:GetUnmarshalClass (in: This=0xe31cf34, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.482] IUnknown:Release (This=0xe31cf34) returned 0x3 [0168.482] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.482] IUnknown:Release (This=0xe31cf30) returned 0x2 [0168.482] IUnknown:QueryInterface (in: This=0xe31cf30, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31cf30) returned 0x0 [0168.482] IUnknown:AddRef (This=0xe31cf30) returned 0x4 [0168.482] IUnknown:Release (This=0xe31cf30) returned 0x3 [0168.482] IUnknown:Release (This=0xe31cf30) returned 0x2 [0168.482] CoTaskMemFree (pv=0xc16518) [0168.483] IUnknown:AddRef (This=0xe31cf30) returned 0x3 [0168.483] IWbemClassObject:Get (in: This=0xe31cf30, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.483] IWbemClassObject:Get (in: This=0xe31cf30, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3960\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.483] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3960\"") returned 0x5e [0168.483] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3960\"") returned 0x5e [0168.483] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.483] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.484] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.484] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.485] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16478) returned 0x0 [0168.485] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16478, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.485] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16478, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322f18) returned 0x0 [0168.485] WbemDefPath:IUnknown:Release (This=0xc16478) returned 0x0 [0168.485] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322f18) returned 0x0 [0168.485] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.485] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.486] WbemDefPath:IUnknown:AddRef (This=0xe322f18) returned 0x3 [0168.486] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.486] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.486] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe320b50) returned 0x0 [0168.486] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320b50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.486] WbemDefPath:IUnknown:Release (This=0xe320b50) returned 0x3 [0168.486] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.486] WbemDefPath:IUnknown:Release (This=0xe322f18) returned 0x2 [0168.486] WbemDefPath:IUnknown:Release (This=0xe322f18) returned 0x1 [0168.486] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f18, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322f18) returned 0x0 [0168.487] WbemDefPath:IUnknown:AddRef (This=0xe322f18) returned 0x3 [0168.487] WbemDefPath:IUnknown:Release (This=0xe322f18) returned 0x2 [0168.487] WbemDefPath:IWbemPath:SetText (This=0xe322f18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3960\"") returned 0x0 [0168.487] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.487] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.487] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.487] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.487] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.487] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.487] IWbemClassObject:Get (in: This=0xe31cf30, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c09638*=0, plFlavor=0x6c0963c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x6c09638*=8, plFlavor=0x6c0963c*=0) returned 0x0 [0168.487] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0168.487] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0168.487] IWbemClassObject:Get (in: This=0xe31cf30, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c09638*=8, plFlavor=0x6c0963c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x6c09638*=8, plFlavor=0x6c0963c*=0) returned 0x0 [0168.488] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0168.488] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0168.488] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0168.488] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xe31e580, puReturned=0x6be9388*=0x1) returned 0x0 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe31e580) returned 0x0 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.489] IUnknown:AddRef (This=0xe31e580) returned 0x3 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.489] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe31e584) returned 0x0 [0168.490] IMarshal:GetUnmarshalClass (in: This=0xe31e584, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.490] IUnknown:Release (This=0xe31e584) returned 0x3 [0168.490] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.490] IUnknown:Release (This=0xe31e580) returned 0x2 [0168.490] IUnknown:QueryInterface (in: This=0xe31e580, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe31e580) returned 0x0 [0168.490] IUnknown:AddRef (This=0xe31e580) returned 0x4 [0168.490] IUnknown:Release (This=0xe31e580) returned 0x3 [0168.490] IUnknown:Release (This=0xe31e580) returned 0x2 [0168.490] CoTaskMemFree (pv=0xc16418) [0168.490] IUnknown:AddRef (This=0xe31e580) returned 0x3 [0168.490] IWbemClassObject:Get (in: This=0xe31e580, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.491] IWbemClassObject:Get (in: This=0xe31e580, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3972\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.491] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3972\"") returned 0x5e [0168.491] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3972\"") returned 0x5e [0168.491] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.491] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.491] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.491] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.492] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164a8) returned 0x0 [0168.492] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164a8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.492] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164a8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322e38) returned 0x0 [0168.493] WbemDefPath:IUnknown:Release (This=0xc164a8) returned 0x0 [0168.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322e38) returned 0x0 [0168.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.493] WbemDefPath:IUnknown:AddRef (This=0xe322e38) returned 0x3 [0168.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe320eb0) returned 0x0 [0168.493] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320eb0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.493] WbemDefPath:IUnknown:Release (This=0xe320eb0) returned 0x3 [0168.494] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.494] WbemDefPath:IUnknown:Release (This=0xe322e38) returned 0x2 [0168.494] WbemDefPath:IUnknown:Release (This=0xe322e38) returned 0x1 [0168.494] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322e38, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322e38) returned 0x0 [0168.494] WbemDefPath:IUnknown:AddRef (This=0xe322e38) returned 0x3 [0168.494] WbemDefPath:IUnknown:Release (This=0xe322e38) returned 0x2 [0168.494] WbemDefPath:IWbemPath:SetText (This=0xe322e38, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3972\"") returned 0x0 [0168.494] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.494] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.494] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.495] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.495] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.495] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.495] IWbemClassObject:Get (in: This=0xe31e580, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c09f00*=0, plFlavor=0x6c09f04*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x6c09f00*=8, plFlavor=0x6c09f04*=0) returned 0x0 [0168.495] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0168.495] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0168.495] IWbemClassObject:Get (in: This=0xe31e580, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c09f00*=8, plFlavor=0x6c09f04*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x6c09f00*=8, plFlavor=0x6c09f04*=0) returned 0x0 [0168.495] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0168.495] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0168.496] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0168.496] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6be9388 | out: apObjects=0xc16438*=0xe328520, puReturned=0x6be9388*=0x1) returned 0x0 [0168.497] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe328520) returned 0x0 [0168.498] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.498] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.498] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.498] IUnknown:AddRef (This=0xe328520) returned 0x3 [0168.498] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.498] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.498] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe328524) returned 0x0 [0168.498] IMarshal:GetUnmarshalClass (in: This=0xe328524, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.498] IUnknown:Release (This=0xe328524) returned 0x3 [0168.499] IUnknown:QueryInterface (in: This=0xe328520, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.499] IUnknown:Release (This=0xe328520) returned 0x2 [0168.499] IUnknown:QueryInterface (in: This=0xe328520, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe328520) returned 0x0 [0168.499] IUnknown:AddRef (This=0xe328520) returned 0x4 [0168.499] IUnknown:Release (This=0xe328520) returned 0x3 [0168.499] IUnknown:Release (This=0xe328520) returned 0x2 [0168.499] CoTaskMemFree (pv=0xc16438) [0168.499] IUnknown:AddRef (This=0xe328520) returned 0x3 [0168.499] IWbemClassObject:Get (in: This=0xe328520, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.500] IWbemClassObject:Get (in: This=0xe328520, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.500] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x5e [0168.500] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x5e [0168.500] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.500] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.500] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.500] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.501] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16408) returned 0x0 [0168.501] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16408, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.501] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16408, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322f88) returned 0x0 [0168.501] WbemDefPath:IUnknown:Release (This=0xc16408) returned 0x0 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322f88) returned 0x0 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.502] WbemDefPath:IUnknown:AddRef (This=0xe322f88) returned 0x3 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321210) returned 0x0 [0168.502] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321210, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.502] WbemDefPath:IUnknown:Release (This=0xe321210) returned 0x3 [0168.502] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.503] WbemDefPath:IUnknown:Release (This=0xe322f88) returned 0x2 [0168.503] WbemDefPath:IUnknown:Release (This=0xe322f88) returned 0x1 [0168.503] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322f88, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322f88) returned 0x0 [0168.503] WbemDefPath:IUnknown:AddRef (This=0xe322f88) returned 0x3 [0168.503] WbemDefPath:IUnknown:Release (This=0xe322f88) returned 0x2 [0168.503] WbemDefPath:IWbemPath:SetText (This=0xe322f88, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x0 [0168.503] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.503] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.503] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.503] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.503] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.503] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.503] IWbemClassObject:Get (in: This=0xe328520, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0a7b0*=0, plFlavor=0x6c0a7b4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x6c0a7b0*=8, plFlavor=0x6c0a7b4*=0) returned 0x0 [0168.503] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0168.504] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0168.504] IWbemClassObject:Get (in: This=0xe328520, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0a7b0*=8, plFlavor=0x6c0a7b4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x6c0a7b0*=8, plFlavor=0x6c0a7b4*=0) returned 0x0 [0168.504] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0168.504] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0168.504] CoTaskMemAlloc (cb=0x4) returned 0xc16528 [0168.504] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16528, puReturned=0x6be9388 | out: apObjects=0xc16528*=0xe3279f8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.505] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe3279f8) returned 0x0 [0168.505] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.505] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.505] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.505] IUnknown:AddRef (This=0xe3279f8) returned 0x3 [0168.505] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.506] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.506] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe3279fc) returned 0x0 [0168.506] IMarshal:GetUnmarshalClass (in: This=0xe3279fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.506] IUnknown:Release (This=0xe3279fc) returned 0x3 [0168.506] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.506] IUnknown:Release (This=0xe3279f8) returned 0x2 [0168.506] IUnknown:QueryInterface (in: This=0xe3279f8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe3279f8) returned 0x0 [0168.506] IUnknown:AddRef (This=0xe3279f8) returned 0x4 [0168.506] IUnknown:Release (This=0xe3279f8) returned 0x3 [0168.506] IUnknown:Release (This=0xe3279f8) returned 0x2 [0168.506] CoTaskMemFree (pv=0xc16528) [0168.506] IUnknown:AddRef (This=0xe3279f8) returned 0x3 [0168.507] IWbemClassObject:Get (in: This=0xe3279f8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.507] IWbemClassObject:Get (in: This=0xe3279f8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3996\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.507] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3996\"") returned 0x5e [0168.507] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3996\"") returned 0x5e [0168.507] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.507] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.507] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.507] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.508] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164f8) returned 0x0 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.509] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe323068) returned 0x0 [0168.509] WbemDefPath:IUnknown:Release (This=0xc164f8) returned 0x0 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe323068) returned 0x0 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.509] WbemDefPath:IUnknown:AddRef (This=0xe323068) returned 0x3 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.509] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3210a8) returned 0x0 [0168.509] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3210a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.510] WbemDefPath:IUnknown:Release (This=0xe3210a8) returned 0x3 [0168.510] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.510] WbemDefPath:IUnknown:Release (This=0xe323068) returned 0x2 [0168.510] WbemDefPath:IUnknown:Release (This=0xe323068) returned 0x1 [0168.510] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323068, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe323068) returned 0x0 [0168.510] WbemDefPath:IUnknown:AddRef (This=0xe323068) returned 0x3 [0168.560] WbemDefPath:IUnknown:Release (This=0xe323068) returned 0x2 [0168.560] WbemDefPath:IWbemPath:SetText (This=0xe323068, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3996\"") returned 0x0 [0168.560] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.560] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.560] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.561] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.561] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.561] IWbemClassObject:Get (in: This=0xe3279f8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0b058*=0, plFlavor=0x6c0b05c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x6c0b058*=8, plFlavor=0x6c0b05c*=0) returned 0x0 [0168.561] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0168.561] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0168.561] IWbemClassObject:Get (in: This=0xe3279f8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0b058*=8, plFlavor=0x6c0b05c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x6c0b058*=8, plFlavor=0x6c0b05c*=0) returned 0x0 [0168.561] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0168.561] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0168.561] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0168.561] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe326870, puReturned=0x6be9388*=0x1) returned 0x0 [0168.563] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe326870) returned 0x0 [0168.563] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.563] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.563] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.563] IUnknown:AddRef (This=0xe326870) returned 0x3 [0168.563] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.564] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.564] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe326874) returned 0x0 [0168.564] IMarshal:GetUnmarshalClass (in: This=0xe326874, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.564] IUnknown:Release (This=0xe326874) returned 0x3 [0168.564] IUnknown:QueryInterface (in: This=0xe326870, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.564] IUnknown:Release (This=0xe326870) returned 0x2 [0168.564] IUnknown:QueryInterface (in: This=0xe326870, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe326870) returned 0x0 [0168.564] IUnknown:AddRef (This=0xe326870) returned 0x4 [0168.564] IUnknown:Release (This=0xe326870) returned 0x3 [0168.564] IUnknown:Release (This=0xe326870) returned 0x2 [0168.564] CoTaskMemFree (pv=0xc163b8) [0168.565] IUnknown:AddRef (This=0xe326870) returned 0x3 [0168.565] IWbemClassObject:Get (in: This=0xe326870, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.565] IWbemClassObject:Get (in: This=0xe326870, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4004\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.565] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4004\"") returned 0x5e [0168.565] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4004\"") returned 0x5e [0168.565] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.565] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.566] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.566] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.567] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16578) returned 0x0 [0168.567] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.567] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16578, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322ff8) returned 0x0 [0168.567] WbemDefPath:IUnknown:Release (This=0xc16578) returned 0x0 [0168.567] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322ff8) returned 0x0 [0168.567] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.567] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.568] WbemDefPath:IUnknown:AddRef (This=0xe322ff8) returned 0x3 [0168.568] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.568] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.568] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe3213a8) returned 0x0 [0168.568] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3213a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.568] WbemDefPath:IUnknown:Release (This=0xe3213a8) returned 0x3 [0168.568] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.568] WbemDefPath:IUnknown:Release (This=0xe322ff8) returned 0x2 [0168.569] WbemDefPath:IUnknown:Release (This=0xe322ff8) returned 0x1 [0168.569] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ff8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322ff8) returned 0x0 [0168.569] WbemDefPath:IUnknown:AddRef (This=0xe322ff8) returned 0x3 [0168.569] WbemDefPath:IUnknown:Release (This=0xe322ff8) returned 0x2 [0168.569] WbemDefPath:IWbemPath:SetText (This=0xe322ff8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4004\"") returned 0x0 [0168.569] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.569] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.570] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.570] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.570] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.570] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.570] IWbemClassObject:Get (in: This=0xe326870, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0b908*=0, plFlavor=0x6c0b90c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x6c0b908*=8, plFlavor=0x6c0b90c*=0) returned 0x0 [0168.570] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0168.570] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0168.570] IWbemClassObject:Get (in: This=0xe326870, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0b908*=8, plFlavor=0x6c0b90c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x6c0b908*=8, plFlavor=0x6c0b90c*=0) returned 0x0 [0168.570] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0168.570] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0168.570] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0168.571] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xe328058, puReturned=0x6be9388*=0x1) returned 0x0 [0168.572] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe328058) returned 0x0 [0168.572] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.572] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.572] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.573] IUnknown:AddRef (This=0xe328058) returned 0x3 [0168.573] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.573] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.573] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe32805c) returned 0x0 [0168.574] IMarshal:GetUnmarshalClass (in: This=0xe32805c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.574] IUnknown:Release (This=0xe32805c) returned 0x3 [0168.574] IUnknown:QueryInterface (in: This=0xe328058, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.574] IUnknown:Release (This=0xe328058) returned 0x2 [0168.574] IUnknown:QueryInterface (in: This=0xe328058, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe328058) returned 0x0 [0168.574] IUnknown:AddRef (This=0xe328058) returned 0x4 [0168.574] IUnknown:Release (This=0xe328058) returned 0x3 [0168.575] IUnknown:Release (This=0xe328058) returned 0x2 [0168.575] CoTaskMemFree (pv=0xc164b8) [0168.575] IUnknown:AddRef (This=0xe328058) returned 0x3 [0168.575] IWbemClassObject:Get (in: This=0xe328058, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.575] IWbemClassObject:Get (in: This=0xe328058, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4020\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.575] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4020\"") returned 0x5e [0168.575] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4020\"") returned 0x5e [0168.575] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.576] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.576] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.576] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.577] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16548) returned 0x0 [0168.577] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16548, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.577] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16548, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3225e8) returned 0x0 [0168.577] WbemDefPath:IUnknown:Release (This=0xc16548) returned 0x0 [0168.577] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3225e8) returned 0x0 [0168.578] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.578] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.578] WbemDefPath:IUnknown:AddRef (This=0xe3225e8) returned 0x3 [0168.578] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.578] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.578] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe321588) returned 0x0 [0168.578] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321588, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.578] WbemDefPath:IUnknown:Release (This=0xe321588) returned 0x3 [0168.579] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.579] WbemDefPath:IUnknown:Release (This=0xe3225e8) returned 0x2 [0168.579] WbemDefPath:IUnknown:Release (This=0xe3225e8) returned 0x1 [0168.579] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3225e8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3225e8) returned 0x0 [0168.579] WbemDefPath:IUnknown:AddRef (This=0xe3225e8) returned 0x3 [0168.579] WbemDefPath:IUnknown:Release (This=0xe3225e8) returned 0x2 [0168.579] WbemDefPath:IWbemPath:SetText (This=0xe3225e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4020\"") returned 0x0 [0168.579] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.579] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.579] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.580] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.580] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.580] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.580] IWbemClassObject:Get (in: This=0xe328058, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0c1c8*=0, plFlavor=0x6c0c1cc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x6c0c1c8*=8, plFlavor=0x6c0c1cc*=0) returned 0x0 [0168.580] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0168.580] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0168.580] IWbemClassObject:Get (in: This=0xe328058, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0c1c8*=8, plFlavor=0x6c0c1cc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x6c0c1c8*=8, plFlavor=0x6c0c1cc*=0) returned 0x0 [0168.580] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0168.580] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0168.580] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0168.580] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6be9388 | out: apObjects=0xc16418*=0xe3276c8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.581] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe3276c8) returned 0x0 [0168.581] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.581] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.582] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.582] IUnknown:AddRef (This=0xe3276c8) returned 0x3 [0168.582] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.582] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.582] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe3276cc) returned 0x0 [0168.582] IMarshal:GetUnmarshalClass (in: This=0xe3276cc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.582] IUnknown:Release (This=0xe3276cc) returned 0x3 [0168.582] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.582] IUnknown:Release (This=0xe3276c8) returned 0x2 [0168.582] IUnknown:QueryInterface (in: This=0xe3276c8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe3276c8) returned 0x0 [0168.583] IUnknown:AddRef (This=0xe3276c8) returned 0x4 [0168.583] IUnknown:Release (This=0xe3276c8) returned 0x3 [0168.583] IUnknown:Release (This=0xe3276c8) returned 0x2 [0168.583] CoTaskMemFree (pv=0xc16418) [0168.583] IUnknown:AddRef (This=0xe3276c8) returned 0x3 [0168.583] IWbemClassObject:Get (in: This=0xe3276c8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.583] IWbemClassObject:Get (in: This=0xe3276c8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4028\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.583] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4028\"") returned 0x5e [0168.583] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4028\"") returned 0x5e [0168.583] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.583] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.584] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.584] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.584] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16548) returned 0x0 [0168.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16548, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.585] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16548, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3230d8) returned 0x0 [0168.585] WbemDefPath:IUnknown:Release (This=0xc16548) returned 0x0 [0168.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3230d8) returned 0x0 [0168.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.585] WbemDefPath:IUnknown:AddRef (This=0xe3230d8) returned 0x3 [0168.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.586] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.586] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32d0c0) returned 0x0 [0168.586] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d0c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.586] WbemDefPath:IUnknown:Release (This=0xe32d0c0) returned 0x3 [0168.586] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.586] WbemDefPath:IUnknown:Release (This=0xe3230d8) returned 0x2 [0168.586] WbemDefPath:IUnknown:Release (This=0xe3230d8) returned 0x1 [0168.586] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3230d8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3230d8) returned 0x0 [0168.586] WbemDefPath:IUnknown:AddRef (This=0xe3230d8) returned 0x3 [0168.586] WbemDefPath:IUnknown:Release (This=0xe3230d8) returned 0x2 [0168.586] WbemDefPath:IWbemPath:SetText (This=0xe3230d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4028\"") returned 0x0 [0168.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.586] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.586] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.587] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.587] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.587] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.587] IWbemClassObject:Get (in: This=0xe3276c8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0caa0*=0, plFlavor=0x6c0caa4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x6c0caa0*=8, plFlavor=0x6c0caa4*=0) returned 0x0 [0168.587] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0168.587] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0168.587] IWbemClassObject:Get (in: This=0xe3276c8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0caa0*=8, plFlavor=0x6c0caa4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x6c0caa0*=8, plFlavor=0x6c0caa4*=0) returned 0x0 [0168.587] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0168.587] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0168.587] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0168.587] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6be9388 | out: apObjects=0xc16408*=0xe3281f0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe3281f0) returned 0x0 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.589] IUnknown:AddRef (This=0xe3281f0) returned 0x3 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.589] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe3281f4) returned 0x0 [0168.590] IMarshal:GetUnmarshalClass (in: This=0xe3281f4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.590] IUnknown:Release (This=0xe3281f4) returned 0x3 [0168.590] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.590] IUnknown:Release (This=0xe3281f0) returned 0x2 [0168.590] IUnknown:QueryInterface (in: This=0xe3281f0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe3281f0) returned 0x0 [0168.590] IUnknown:AddRef (This=0xe3281f0) returned 0x4 [0168.590] IUnknown:Release (This=0xe3281f0) returned 0x3 [0168.590] IUnknown:Release (This=0xe3281f0) returned 0x2 [0168.590] CoTaskMemFree (pv=0xc16408) [0168.590] IUnknown:AddRef (This=0xe3281f0) returned 0x3 [0168.590] IWbemClassObject:Get (in: This=0xe3281f0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.591] IWbemClassObject:Get (in: This=0xe3281f0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4048\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.591] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4048\"") returned 0x5e [0168.591] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4048\"") returned 0x5e [0168.591] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.591] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.591] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.591] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.592] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0168.592] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.592] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3229d8) returned 0x0 [0168.592] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0168.592] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3229d8) returned 0x0 [0168.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.593] WbemDefPath:IUnknown:AddRef (This=0xe3229d8) returned 0x3 [0168.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32cfe8) returned 0x0 [0168.593] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32cfe8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.593] WbemDefPath:IUnknown:Release (This=0xe32cfe8) returned 0x3 [0168.593] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.594] WbemDefPath:IUnknown:Release (This=0xe3229d8) returned 0x2 [0168.594] WbemDefPath:IUnknown:Release (This=0xe3229d8) returned 0x1 [0168.594] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3229d8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3229d8) returned 0x0 [0168.594] WbemDefPath:IUnknown:AddRef (This=0xe3229d8) returned 0x3 [0168.594] WbemDefPath:IUnknown:Release (This=0xe3229d8) returned 0x2 [0168.594] WbemDefPath:IWbemPath:SetText (This=0xe3229d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4048\"") returned 0x0 [0168.594] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.594] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.594] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.594] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.594] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.594] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.594] IWbemClassObject:Get (in: This=0xe3281f0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0d368*=0, plFlavor=0x6c0d36c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x6c0d368*=8, plFlavor=0x6c0d36c*=0) returned 0x0 [0168.594] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0168.594] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0168.595] IWbemClassObject:Get (in: This=0xe3281f0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0d368*=8, plFlavor=0x6c0d36c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x6c0d368*=8, plFlavor=0x6c0d36c*=0) returned 0x0 [0168.595] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0168.595] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0168.595] CoTaskMemAlloc (cb=0x4) returned 0xc16568 [0168.595] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16568, puReturned=0x6be9388 | out: apObjects=0xc16568*=0xe326a08, puReturned=0x6be9388*=0x1) returned 0x0 [0168.642] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe326a08) returned 0x0 [0168.643] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.643] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.643] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.643] IUnknown:AddRef (This=0xe326a08) returned 0x3 [0168.643] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.643] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.643] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe326a0c) returned 0x0 [0168.643] IMarshal:GetUnmarshalClass (in: This=0xe326a0c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.643] IUnknown:Release (This=0xe326a0c) returned 0x3 [0168.644] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.644] IUnknown:Release (This=0xe326a08) returned 0x2 [0168.644] IUnknown:QueryInterface (in: This=0xe326a08, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe326a08) returned 0x0 [0168.644] IUnknown:AddRef (This=0xe326a08) returned 0x4 [0168.644] IUnknown:Release (This=0xe326a08) returned 0x3 [0168.644] IUnknown:Release (This=0xe326a08) returned 0x2 [0168.644] CoTaskMemFree (pv=0xc16568) [0168.644] IUnknown:AddRef (This=0xe326a08) returned 0x3 [0168.644] IWbemClassObject:Get (in: This=0xe326a08, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.644] IWbemClassObject:Get (in: This=0xe326a08, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4056\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.645] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4056\"") returned 0x5e [0168.645] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4056\"") returned 0x5e [0168.645] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.645] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.645] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.645] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.646] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16488) returned 0x0 [0168.646] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16488, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.646] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16488, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe323148) returned 0x0 [0168.646] WbemDefPath:IUnknown:Release (This=0xc16488) returned 0x0 [0168.646] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe323148) returned 0x0 [0168.647] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.647] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.647] WbemDefPath:IUnknown:AddRef (This=0xe323148) returned 0x3 [0168.647] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.647] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.647] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32d438) returned 0x0 [0168.647] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d438, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.647] WbemDefPath:IUnknown:Release (This=0xe32d438) returned 0x3 [0168.647] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.648] WbemDefPath:IUnknown:Release (This=0xe323148) returned 0x2 [0168.648] WbemDefPath:IUnknown:Release (This=0xe323148) returned 0x1 [0168.648] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323148, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe323148) returned 0x0 [0168.648] WbemDefPath:IUnknown:AddRef (This=0xe323148) returned 0x3 [0168.648] WbemDefPath:IUnknown:Release (This=0xe323148) returned 0x2 [0168.648] WbemDefPath:IWbemPath:SetText (This=0xe323148, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4056\"") returned 0x0 [0168.648] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.648] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.648] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.648] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.648] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.648] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.648] IWbemClassObject:Get (in: This=0xe326a08, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0dc18*=0, plFlavor=0x6c0dc1c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x6c0dc18*=8, plFlavor=0x6c0dc1c*=0) returned 0x0 [0168.648] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0168.648] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0168.649] IWbemClassObject:Get (in: This=0xe326a08, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0dc18*=8, plFlavor=0x6c0dc1c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x6c0dc18*=8, plFlavor=0x6c0dc1c*=0) returned 0x0 [0168.649] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0168.649] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0168.649] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0168.649] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6be9388 | out: apObjects=0xc16518*=0xe327d28, puReturned=0x6be9388*=0x1) returned 0x0 [0168.650] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327d28) returned 0x0 [0168.650] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.650] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.650] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.651] IUnknown:AddRef (This=0xe327d28) returned 0x3 [0168.651] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.651] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.651] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe327d2c) returned 0x0 [0168.651] IMarshal:GetUnmarshalClass (in: This=0xe327d2c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.651] IUnknown:Release (This=0xe327d2c) returned 0x3 [0168.652] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.652] IUnknown:Release (This=0xe327d28) returned 0x2 [0168.652] IUnknown:QueryInterface (in: This=0xe327d28, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327d28) returned 0x0 [0168.652] IUnknown:AddRef (This=0xe327d28) returned 0x4 [0168.652] IUnknown:Release (This=0xe327d28) returned 0x3 [0168.652] IUnknown:Release (This=0xe327d28) returned 0x2 [0168.652] CoTaskMemFree (pv=0xc16518) [0168.652] IUnknown:AddRef (This=0xe327d28) returned 0x3 [0168.652] IWbemClassObject:Get (in: This=0xe327d28, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.652] IWbemClassObject:Get (in: This=0xe327d28, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4072\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.653] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4072\"") returned 0x5e [0168.653] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4072\"") returned 0x5e [0168.653] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.653] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.653] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.653] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.654] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164c8) returned 0x0 [0168.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.654] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322818) returned 0x0 [0168.654] WbemDefPath:IUnknown:Release (This=0xc164c8) returned 0x0 [0168.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322818) returned 0x0 [0168.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.655] WbemDefPath:IUnknown:AddRef (This=0xe322818) returned 0x3 [0168.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32d720) returned 0x0 [0168.655] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d720, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.655] WbemDefPath:IUnknown:Release (This=0xe32d720) returned 0x3 [0168.656] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.656] WbemDefPath:IUnknown:Release (This=0xe322818) returned 0x2 [0168.656] WbemDefPath:IUnknown:Release (This=0xe322818) returned 0x1 [0168.656] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322818, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322818) returned 0x0 [0168.656] WbemDefPath:IUnknown:AddRef (This=0xe322818) returned 0x3 [0168.656] WbemDefPath:IUnknown:Release (This=0xe322818) returned 0x2 [0168.656] WbemDefPath:IWbemPath:SetText (This=0xe322818, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4072\"") returned 0x0 [0168.656] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.656] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.656] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.656] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.656] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.656] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.656] IWbemClassObject:Get (in: This=0xe327d28, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0e4c0*=0, plFlavor=0x6c0e4c4*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x6c0e4c0*=8, plFlavor=0x6c0e4c4*=0) returned 0x0 [0168.657] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0168.657] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0168.657] IWbemClassObject:Get (in: This=0xe327d28, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0e4c0*=8, plFlavor=0x6c0e4c4*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x6c0e4c0*=8, plFlavor=0x6c0e4c4*=0) returned 0x0 [0168.657] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0168.657] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0168.657] CoTaskMemAlloc (cb=0x4) returned 0xc164c8 [0168.657] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164c8, puReturned=0x6be9388 | out: apObjects=0xc164c8*=0xe328388, puReturned=0x6be9388*=0x1) returned 0x0 [0168.659] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe328388) returned 0x0 [0168.659] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.659] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.659] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.659] IUnknown:AddRef (This=0xe328388) returned 0x3 [0168.659] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.660] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.660] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe32838c) returned 0x0 [0168.660] IMarshal:GetUnmarshalClass (in: This=0xe32838c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.660] IUnknown:Release (This=0xe32838c) returned 0x3 [0168.660] IUnknown:QueryInterface (in: This=0xe328388, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.660] IUnknown:Release (This=0xe328388) returned 0x2 [0168.660] IUnknown:QueryInterface (in: This=0xe328388, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe328388) returned 0x0 [0168.660] IUnknown:AddRef (This=0xe328388) returned 0x4 [0168.660] IUnknown:Release (This=0xe328388) returned 0x3 [0168.660] IUnknown:Release (This=0xe328388) returned 0x2 [0168.660] CoTaskMemFree (pv=0xc164c8) [0168.661] IUnknown:AddRef (This=0xe328388) returned 0x3 [0168.661] IWbemClassObject:Get (in: This=0xe328388, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.661] IWbemClassObject:Get (in: This=0xe328388, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4080\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.661] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4080\"") returned 0x5e [0168.661] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4080\"") returned 0x5e [0168.661] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.661] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.661] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.661] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.662] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163f8) returned 0x0 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.663] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322888) returned 0x0 [0168.663] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322888) returned 0x0 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.663] WbemDefPath:IUnknown:AddRef (This=0xe322888) returned 0x3 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.663] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32d630) returned 0x0 [0168.664] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d630, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.664] WbemDefPath:IUnknown:Release (This=0xe32d630) returned 0x3 [0168.664] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.664] WbemDefPath:IUnknown:Release (This=0xe322888) returned 0x2 [0168.664] WbemDefPath:IUnknown:Release (This=0xe322888) returned 0x1 [0168.664] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322888, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322888) returned 0x0 [0168.664] WbemDefPath:IUnknown:AddRef (This=0xe322888) returned 0x3 [0168.664] WbemDefPath:IUnknown:Release (This=0xe322888) returned 0x2 [0168.664] WbemDefPath:IWbemPath:SetText (This=0xe322888, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4080\"") returned 0x0 [0168.664] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.664] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.665] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.665] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.665] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.665] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.665] IWbemClassObject:Get (in: This=0xe328388, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0ed70*=0, plFlavor=0x6c0ed74*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x6c0ed70*=8, plFlavor=0x6c0ed74*=0) returned 0x0 [0168.665] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0168.665] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0168.665] IWbemClassObject:Get (in: This=0xe328388, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0ed70*=8, plFlavor=0x6c0ed74*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x6c0ed70*=8, plFlavor=0x6c0ed74*=0) returned 0x0 [0168.665] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0168.665] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0168.665] CoTaskMemAlloc (cb=0x4) returned 0xc16448 [0168.666] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16448, puReturned=0x6be9388 | out: apObjects=0xc16448*=0xe327398, puReturned=0x6be9388*=0x1) returned 0x0 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327398) returned 0x0 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.667] IUnknown:AddRef (This=0xe327398) returned 0x3 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.667] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe32739c) returned 0x0 [0168.667] IMarshal:GetUnmarshalClass (in: This=0xe32739c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.667] IUnknown:Release (This=0xe32739c) returned 0x3 [0168.668] IUnknown:QueryInterface (in: This=0xe327398, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.668] IUnknown:Release (This=0xe327398) returned 0x2 [0168.668] IUnknown:QueryInterface (in: This=0xe327398, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327398) returned 0x0 [0168.668] IUnknown:AddRef (This=0xe327398) returned 0x4 [0168.668] IUnknown:Release (This=0xe327398) returned 0x3 [0168.668] IUnknown:Release (This=0xe327398) returned 0x2 [0168.668] CoTaskMemFree (pv=0xc16448) [0168.668] IUnknown:AddRef (This=0xe327398) returned 0x3 [0168.668] IWbemClassObject:Get (in: This=0xe327398, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.669] IWbemClassObject:Get (in: This=0xe327398, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4092\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.669] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4092\"") returned 0x5e [0168.669] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4092\"") returned 0x5e [0168.669] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.669] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.669] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.669] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.671] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0168.671] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.671] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3226c8) returned 0x0 [0168.671] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0168.671] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3226c8) returned 0x0 [0168.671] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.671] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.672] WbemDefPath:IUnknown:AddRef (This=0xe3226c8) returned 0x3 [0168.672] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.672] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.672] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32d7c8) returned 0x0 [0168.672] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d7c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.672] WbemDefPath:IUnknown:Release (This=0xe32d7c8) returned 0x3 [0168.672] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.672] WbemDefPath:IUnknown:Release (This=0xe3226c8) returned 0x2 [0168.673] WbemDefPath:IUnknown:Release (This=0xe3226c8) returned 0x1 [0168.673] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3226c8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3226c8) returned 0x0 [0168.673] WbemDefPath:IUnknown:AddRef (This=0xe3226c8) returned 0x3 [0168.673] WbemDefPath:IUnknown:Release (This=0xe3226c8) returned 0x2 [0168.673] WbemDefPath:IWbemPath:SetText (This=0xe3226c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4092\"") returned 0x0 [0168.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.673] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.673] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.673] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.673] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.673] IWbemClassObject:Get (in: This=0xe327398, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0f638*=0, plFlavor=0x6c0f63c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x6c0f638*=8, plFlavor=0x6c0f63c*=0) returned 0x0 [0168.674] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0168.674] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0168.674] IWbemClassObject:Get (in: This=0xe327398, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0f638*=8, plFlavor=0x6c0f63c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x6c0f638*=8, plFlavor=0x6c0f63c*=0) returned 0x0 [0168.674] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0168.674] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0168.674] CoTaskMemAlloc (cb=0x4) returned 0xc16428 [0168.674] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16428, puReturned=0x6be9388 | out: apObjects=0xc16428*=0xe3286b8, puReturned=0x6be9388*=0x1) returned 0x0 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe3286b8) returned 0x0 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.923] IUnknown:AddRef (This=0xe3286b8) returned 0x3 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.923] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe3286bc) returned 0x0 [0168.924] IMarshal:GetUnmarshalClass (in: This=0xe3286bc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.924] IUnknown:Release (This=0xe3286bc) returned 0x3 [0168.924] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.924] IUnknown:Release (This=0xe3286b8) returned 0x2 [0168.924] IUnknown:QueryInterface (in: This=0xe3286b8, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe3286b8) returned 0x0 [0168.924] IUnknown:AddRef (This=0xe3286b8) returned 0x4 [0168.924] IUnknown:Release (This=0xe3286b8) returned 0x3 [0168.924] IUnknown:Release (This=0xe3286b8) returned 0x2 [0168.924] CoTaskMemFree (pv=0xc16428) [0168.924] IUnknown:AddRef (This=0xe3286b8) returned 0x3 [0168.924] IWbemClassObject:Get (in: This=0xe3286b8, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.925] IWbemClassObject:Get (in: This=0xe3286b8, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.925] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x5e [0168.925] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x5e [0168.925] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.925] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.925] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.925] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.926] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16468) returned 0x0 [0168.926] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.926] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16468, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3223b8) returned 0x0 [0168.927] WbemDefPath:IUnknown:Release (This=0xc16468) returned 0x0 [0168.927] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3223b8) returned 0x0 [0168.927] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.928] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.928] WbemDefPath:IUnknown:AddRef (This=0xe3223b8) returned 0x3 [0168.928] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.928] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.928] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32d918) returned 0x0 [0168.928] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d918, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.928] WbemDefPath:IUnknown:Release (This=0xe32d918) returned 0x3 [0168.929] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.929] WbemDefPath:IUnknown:Release (This=0xe3223b8) returned 0x2 [0168.929] WbemDefPath:IUnknown:Release (This=0xe3223b8) returned 0x1 [0168.929] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3223b8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3223b8) returned 0x0 [0168.929] WbemDefPath:IUnknown:AddRef (This=0xe3223b8) returned 0x3 [0168.929] WbemDefPath:IUnknown:Release (This=0xe3223b8) returned 0x2 [0168.929] WbemDefPath:IWbemPath:SetText (This=0xe3223b8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x0 [0168.929] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.929] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.930] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.930] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.930] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.930] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.930] IWbemClassObject:Get (in: This=0xe3286b8, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0fee8*=0, plFlavor=0x6c0feec*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x6c0fee8*=8, plFlavor=0x6c0feec*=0) returned 0x0 [0168.930] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0168.930] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0168.930] IWbemClassObject:Get (in: This=0xe3286b8, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c0fee8*=8, plFlavor=0x6c0feec*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x6c0fee8*=8, plFlavor=0x6c0feec*=0) returned 0x0 [0168.930] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0168.931] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0168.931] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0168.931] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6be9388 | out: apObjects=0xc16468*=0xe326ba0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.935] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe326ba0) returned 0x0 [0168.935] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.935] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.935] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.936] IUnknown:AddRef (This=0xe326ba0) returned 0x3 [0168.936] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.936] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.936] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe326ba4) returned 0x0 [0168.936] IMarshal:GetUnmarshalClass (in: This=0xe326ba4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.936] IUnknown:Release (This=0xe326ba4) returned 0x3 [0168.936] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.936] IUnknown:Release (This=0xe326ba0) returned 0x2 [0168.936] IUnknown:QueryInterface (in: This=0xe326ba0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe326ba0) returned 0x0 [0168.936] IUnknown:AddRef (This=0xe326ba0) returned 0x4 [0168.937] IUnknown:Release (This=0xe326ba0) returned 0x3 [0168.937] IUnknown:Release (This=0xe326ba0) returned 0x2 [0168.937] CoTaskMemFree (pv=0xc16468) [0168.937] IUnknown:AddRef (This=0xe326ba0) returned 0x3 [0168.937] IWbemClassObject:Get (in: This=0xe326ba0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.937] IWbemClassObject:Get (in: This=0xe326ba0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.937] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x5e [0168.937] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x5e [0168.937] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.937] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.938] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.938] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.939] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164b8) returned 0x0 [0168.939] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.939] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3228f8) returned 0x0 [0168.939] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0168.939] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3228f8) returned 0x0 [0168.939] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.939] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.940] WbemDefPath:IUnknown:AddRef (This=0xe3228f8) returned 0x3 [0168.940] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.940] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.940] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32dc48) returned 0x0 [0168.940] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32dc48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.940] WbemDefPath:IUnknown:Release (This=0xe32dc48) returned 0x3 [0168.940] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.940] WbemDefPath:IUnknown:Release (This=0xe3228f8) returned 0x2 [0168.940] WbemDefPath:IUnknown:Release (This=0xe3228f8) returned 0x1 [0168.940] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3228f8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3228f8) returned 0x0 [0168.940] WbemDefPath:IUnknown:AddRef (This=0xe3228f8) returned 0x3 [0168.940] WbemDefPath:IUnknown:Release (This=0xe3228f8) returned 0x2 [0168.941] WbemDefPath:IWbemPath:SetText (This=0xe3228f8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x0 [0168.941] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.941] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.941] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.941] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.941] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.941] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.941] IWbemClassObject:Get (in: This=0xe326ba0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c10798*=0, plFlavor=0x6c1079c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x6c10798*=8, plFlavor=0x6c1079c*=0) returned 0x0 [0168.941] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0168.941] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0168.941] IWbemClassObject:Get (in: This=0xe326ba0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c10798*=8, plFlavor=0x6c1079c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x6c10798*=8, plFlavor=0x6c1079c*=0) returned 0x0 [0168.941] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0168.941] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0168.941] CoTaskMemAlloc (cb=0x4) returned 0xc16508 [0168.942] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16508, puReturned=0x6be9388 | out: apObjects=0xc16508*=0xe327530, puReturned=0x6be9388*=0x1) returned 0x0 [0168.944] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327530) returned 0x0 [0168.944] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.944] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.944] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.945] IUnknown:AddRef (This=0xe327530) returned 0x3 [0168.945] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.945] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.945] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe327534) returned 0x0 [0168.945] IMarshal:GetUnmarshalClass (in: This=0xe327534, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.945] IUnknown:Release (This=0xe327534) returned 0x3 [0168.945] IUnknown:QueryInterface (in: This=0xe327530, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.945] IUnknown:Release (This=0xe327530) returned 0x2 [0168.946] IUnknown:QueryInterface (in: This=0xe327530, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327530) returned 0x0 [0168.946] IUnknown:AddRef (This=0xe327530) returned 0x4 [0168.946] IUnknown:Release (This=0xe327530) returned 0x3 [0168.946] IUnknown:Release (This=0xe327530) returned 0x2 [0168.946] CoTaskMemFree (pv=0xc16508) [0168.947] IUnknown:AddRef (This=0xe327530) returned 0x3 [0168.947] IWbemClassObject:Get (in: This=0xe327530, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.947] IWbemClassObject:Get (in: This=0xe327530, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.947] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"") returned 0x5e [0168.947] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"") returned 0x5e [0168.947] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.947] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.948] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.948] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.949] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16498) returned 0x0 [0168.950] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16498, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.950] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16498, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322ab8) returned 0x0 [0168.950] WbemDefPath:IUnknown:Release (This=0xc16498) returned 0x0 [0168.950] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322ab8) returned 0x0 [0168.950] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.950] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.956] WbemDefPath:IUnknown:AddRef (This=0xe322ab8) returned 0x3 [0168.956] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.956] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.956] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32db40) returned 0x0 [0168.956] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32db40, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.957] WbemDefPath:IUnknown:Release (This=0xe32db40) returned 0x3 [0168.957] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.957] WbemDefPath:IUnknown:Release (This=0xe322ab8) returned 0x2 [0168.957] WbemDefPath:IUnknown:Release (This=0xe322ab8) returned 0x1 [0168.957] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ab8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322ab8) returned 0x0 [0168.957] WbemDefPath:IUnknown:AddRef (This=0xe322ab8) returned 0x3 [0168.957] WbemDefPath:IUnknown:Release (This=0xe322ab8) returned 0x2 [0168.957] WbemDefPath:IWbemPath:SetText (This=0xe322ab8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"") returned 0x0 [0168.957] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.958] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.958] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.958] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.958] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.958] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.958] IWbemClassObject:Get (in: This=0xe327530, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c11068*=0, plFlavor=0x6c1106c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x6c11068*=8, plFlavor=0x6c1106c*=0) returned 0x0 [0168.958] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0168.958] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0168.958] IWbemClassObject:Get (in: This=0xe327530, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c11068*=8, plFlavor=0x6c1106c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x6c11068*=8, plFlavor=0x6c1106c*=0) returned 0x0 [0168.958] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0168.958] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0168.959] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0168.959] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6be9388 | out: apObjects=0xc16408*=0xe326d38, puReturned=0x6be9388*=0x1) returned 0x0 [0168.960] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe326d38) returned 0x0 [0168.960] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.960] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.960] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.960] IUnknown:AddRef (This=0xe326d38) returned 0x3 [0168.961] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.961] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.961] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe326d3c) returned 0x0 [0168.961] IMarshal:GetUnmarshalClass (in: This=0xe326d3c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.961] IUnknown:Release (This=0xe326d3c) returned 0x3 [0168.961] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.961] IUnknown:Release (This=0xe326d38) returned 0x2 [0168.961] IUnknown:QueryInterface (in: This=0xe326d38, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe326d38) returned 0x0 [0168.962] IUnknown:AddRef (This=0xe326d38) returned 0x4 [0168.962] IUnknown:Release (This=0xe326d38) returned 0x3 [0168.962] IUnknown:Release (This=0xe326d38) returned 0x2 [0168.962] CoTaskMemFree (pv=0xc16408) [0168.962] IUnknown:AddRef (This=0xe326d38) returned 0x3 [0168.962] IWbemClassObject:Get (in: This=0xe326d38, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.962] IWbemClassObject:Get (in: This=0xe326d38, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4144\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.962] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4144\"") returned 0x5e [0168.962] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4144\"") returned 0x5e [0168.962] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.963] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.963] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.963] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.964] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16438) returned 0x0 [0168.964] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.964] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322b28) returned 0x0 [0168.965] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0168.965] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322b28) returned 0x0 [0168.965] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.965] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.967] WbemDefPath:IUnknown:AddRef (This=0xe322b28) returned 0x3 [0168.967] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.967] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.967] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32e068) returned 0x0 [0168.967] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32e068, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.967] WbemDefPath:IUnknown:Release (This=0xe32e068) returned 0x3 [0168.967] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.967] WbemDefPath:IUnknown:Release (This=0xe322b28) returned 0x2 [0168.968] WbemDefPath:IUnknown:Release (This=0xe322b28) returned 0x1 [0168.968] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b28, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322b28) returned 0x0 [0168.968] WbemDefPath:IUnknown:AddRef (This=0xe322b28) returned 0x3 [0168.968] WbemDefPath:IUnknown:Release (This=0xe322b28) returned 0x2 [0168.968] WbemDefPath:IWbemPath:SetText (This=0xe322b28, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4144\"") returned 0x0 [0168.968] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.968] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.968] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.968] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.968] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.968] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.968] IWbemClassObject:Get (in: This=0xe326d38, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c11910*=0, plFlavor=0x6c11914*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trainingscore.exe", varVal2=0x0), pType=0x6c11910*=8, plFlavor=0x6c11914*=0) returned 0x0 [0168.968] SysStringByteLen (bstr="trainingscore.exe") returned 0x22 [0168.969] SysStringByteLen (bstr="trainingscore.exe") returned 0x22 [0168.969] IWbemClassObject:Get (in: This=0xe326d38, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c11910*=8, plFlavor=0x6c11914*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trainingscore.exe", varVal2=0x0), pType=0x6c11910*=8, plFlavor=0x6c11914*=0) returned 0x0 [0168.969] SysStringByteLen (bstr="trainingscore.exe") returned 0x22 [0168.969] SysStringByteLen (bstr="trainingscore.exe") returned 0x22 [0168.969] CoTaskMemAlloc (cb=0x4) returned 0xc16528 [0168.969] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16528, puReturned=0x6be9388 | out: apObjects=0xc16528*=0xe326ed0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.970] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe326ed0) returned 0x0 [0168.970] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.971] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.971] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.971] IUnknown:AddRef (This=0xe326ed0) returned 0x3 [0168.971] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.971] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.971] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe326ed4) returned 0x0 [0168.971] IMarshal:GetUnmarshalClass (in: This=0xe326ed4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.971] IUnknown:Release (This=0xe326ed4) returned 0x3 [0168.972] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.972] IUnknown:Release (This=0xe326ed0) returned 0x2 [0168.972] IUnknown:QueryInterface (in: This=0xe326ed0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe326ed0) returned 0x0 [0168.972] IUnknown:AddRef (This=0xe326ed0) returned 0x4 [0168.972] IUnknown:Release (This=0xe326ed0) returned 0x3 [0168.972] IUnknown:Release (This=0xe326ed0) returned 0x2 [0168.972] CoTaskMemFree (pv=0xc16528) [0168.972] IUnknown:AddRef (This=0xe326ed0) returned 0x3 [0168.972] IWbemClassObject:Get (in: This=0xe326ed0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.973] IWbemClassObject:Get (in: This=0xe326ed0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4152\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.973] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4152\"") returned 0x5e [0168.973] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4152\"") returned 0x5e [0168.973] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.973] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.973] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.974] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.975] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0168.975] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.975] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322b98) returned 0x0 [0168.975] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0168.975] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322b98) returned 0x0 [0168.975] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.976] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.976] WbemDefPath:IUnknown:AddRef (This=0xe322b98) returned 0x3 [0168.976] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.976] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.976] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32de28) returned 0x0 [0168.976] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32de28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.976] WbemDefPath:IUnknown:Release (This=0xe32de28) returned 0x3 [0168.977] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.977] WbemDefPath:IUnknown:Release (This=0xe322b98) returned 0x2 [0168.977] WbemDefPath:IUnknown:Release (This=0xe322b98) returned 0x1 [0168.977] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322b98, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322b98) returned 0x0 [0168.977] WbemDefPath:IUnknown:AddRef (This=0xe322b98) returned 0x3 [0168.977] WbemDefPath:IUnknown:Release (This=0xe322b98) returned 0x2 [0168.977] WbemDefPath:IWbemPath:SetText (This=0xe322b98, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4152\"") returned 0x0 [0168.977] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.977] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.977] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.981] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.981] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.981] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.981] IWbemClassObject:Get (in: This=0xe326ed0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c121d8*=0, plFlavor=0x6c121dc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="available win industry.exe", varVal2=0x0), pType=0x6c121d8*=8, plFlavor=0x6c121dc*=0) returned 0x0 [0168.981] SysStringByteLen (bstr="available win industry.exe") returned 0x34 [0168.981] SysStringByteLen (bstr="available win industry.exe") returned 0x34 [0168.981] IWbemClassObject:Get (in: This=0xe326ed0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c121d8*=8, plFlavor=0x6c121dc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="available win industry.exe", varVal2=0x0), pType=0x6c121d8*=8, plFlavor=0x6c121dc*=0) returned 0x0 [0168.981] SysStringByteLen (bstr="available win industry.exe") returned 0x34 [0168.981] SysStringByteLen (bstr="available win industry.exe") returned 0x34 [0168.982] CoTaskMemAlloc (cb=0x4) returned 0xc163b8 [0168.982] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163b8, puReturned=0x6be9388 | out: apObjects=0xc163b8*=0xe327ec0, puReturned=0x6be9388*=0x1) returned 0x0 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327ec0) returned 0x0 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.983] IUnknown:AddRef (This=0xe327ec0) returned 0x3 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.983] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe327ec4) returned 0x0 [0168.983] IMarshal:GetUnmarshalClass (in: This=0xe327ec4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.983] IUnknown:Release (This=0xe327ec4) returned 0x3 [0168.984] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.984] IUnknown:Release (This=0xe327ec0) returned 0x2 [0168.984] IUnknown:QueryInterface (in: This=0xe327ec0, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327ec0) returned 0x0 [0168.984] IUnknown:AddRef (This=0xe327ec0) returned 0x4 [0168.984] IUnknown:Release (This=0xe327ec0) returned 0x3 [0168.984] IUnknown:Release (This=0xe327ec0) returned 0x2 [0168.984] CoTaskMemFree (pv=0xc163b8) [0168.984] IUnknown:AddRef (This=0xe327ec0) returned 0x3 [0168.984] IWbemClassObject:Get (in: This=0xe327ec0, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.984] IWbemClassObject:Get (in: This=0xe327ec0, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4168\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0168.984] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4168\"") returned 0x5e [0168.985] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4168\"") returned 0x5e [0168.985] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0168.985] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0168.985] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0168.985] IUnknown:Release (This=0xb71a3c) returned 0x1 [0168.986] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164c8) returned 0x0 [0168.986] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0168.986] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322c78) returned 0x0 [0168.986] WbemDefPath:IUnknown:Release (This=0xc164c8) returned 0x0 [0168.986] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322c78) returned 0x0 [0168.986] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0168.986] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0168.987] WbemDefPath:IUnknown:AddRef (This=0xe322c78) returned 0x3 [0168.987] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0168.987] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0168.987] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32e320) returned 0x0 [0168.987] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32e320, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.987] WbemDefPath:IUnknown:Release (This=0xe32e320) returned 0x3 [0168.987] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0168.987] WbemDefPath:IUnknown:Release (This=0xe322c78) returned 0x2 [0168.987] WbemDefPath:IUnknown:Release (This=0xe322c78) returned 0x1 [0168.988] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322c78, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322c78) returned 0x0 [0168.988] WbemDefPath:IUnknown:AddRef (This=0xe322c78) returned 0x3 [0168.988] WbemDefPath:IUnknown:Release (This=0xe322c78) returned 0x2 [0168.988] WbemDefPath:IWbemPath:SetText (This=0xe322c78, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4168\"") returned 0x0 [0168.988] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0168.988] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0168.988] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.988] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0168.988] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0168.988] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0168.988] IWbemClassObject:Get (in: This=0xe327ec0, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c12ac8*=0, plFlavor=0x6c12acc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="vote herself.exe", varVal2=0x0), pType=0x6c12ac8*=8, plFlavor=0x6c12acc*=0) returned 0x0 [0168.988] SysStringByteLen (bstr="vote herself.exe") returned 0x20 [0168.988] SysStringByteLen (bstr="vote herself.exe") returned 0x20 [0168.988] IWbemClassObject:Get (in: This=0xe327ec0, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c12ac8*=8, plFlavor=0x6c12acc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="vote herself.exe", varVal2=0x0), pType=0x6c12ac8*=8, plFlavor=0x6c12acc*=0) returned 0x0 [0168.988] SysStringByteLen (bstr="vote herself.exe") returned 0x20 [0168.989] SysStringByteLen (bstr="vote herself.exe") returned 0x20 [0168.989] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0168.989] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6be9388 | out: apObjects=0xc164b8*=0xe327068, puReturned=0x6be9388*=0x1) returned 0x0 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327068) returned 0x0 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0168.998] IUnknown:AddRef (This=0xe327068) returned 0x3 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0168.998] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe32706c) returned 0x0 [0168.998] IMarshal:GetUnmarshalClass (in: This=0xe32706c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0168.999] IUnknown:Release (This=0xe32706c) returned 0x3 [0168.999] IUnknown:QueryInterface (in: This=0xe327068, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0168.999] IUnknown:Release (This=0xe327068) returned 0x2 [0168.999] IUnknown:QueryInterface (in: This=0xe327068, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327068) returned 0x0 [0168.999] IUnknown:AddRef (This=0xe327068) returned 0x4 [0168.999] IUnknown:Release (This=0xe327068) returned 0x3 [0168.999] IUnknown:Release (This=0xe327068) returned 0x2 [0168.999] CoTaskMemFree (pv=0xc164b8) [0168.999] IUnknown:AddRef (This=0xe327068) returned 0x3 [0168.999] IWbemClassObject:Get (in: This=0xe327068, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0168.999] IWbemClassObject:Get (in: This=0xe327068, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4180\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0169.000] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4180\"") returned 0x5e [0169.000] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4180\"") returned 0x5e [0169.000] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0169.000] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0169.000] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0169.000] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.001] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc164e8) returned 0x0 [0169.001] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0169.001] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe322ce8) returned 0x0 [0169.001] WbemDefPath:IUnknown:Release (This=0xc164e8) returned 0x0 [0169.001] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe322ce8) returned 0x0 [0169.002] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0169.002] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0169.002] WbemDefPath:IUnknown:AddRef (This=0xe322ce8) returned 0x3 [0169.002] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0169.002] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0169.002] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32e518) returned 0x0 [0169.002] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32e518, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.002] WbemDefPath:IUnknown:Release (This=0xe32e518) returned 0x3 [0169.002] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0169.003] WbemDefPath:IUnknown:Release (This=0xe322ce8) returned 0x2 [0169.003] WbemDefPath:IUnknown:Release (This=0xe322ce8) returned 0x1 [0169.003] WbemDefPath:IUnknown:QueryInterface (in: This=0xe322ce8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe322ce8) returned 0x0 [0169.003] WbemDefPath:IUnknown:AddRef (This=0xe322ce8) returned 0x3 [0169.003] WbemDefPath:IUnknown:Release (This=0xe322ce8) returned 0x2 [0169.003] WbemDefPath:IWbemPath:SetText (This=0xe322ce8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4180\"") returned 0x0 [0169.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0169.003] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0169.003] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0169.003] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0169.003] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.003] IWbemClassObject:Get (in: This=0xe327068, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c13390*=0, plFlavor=0x6c13394*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="physicalservetoo.exe", varVal2=0x0), pType=0x6c13390*=8, plFlavor=0x6c13394*=0) returned 0x0 [0169.004] SysStringByteLen (bstr="physicalservetoo.exe") returned 0x28 [0169.004] SysStringByteLen (bstr="physicalservetoo.exe") returned 0x28 [0169.004] IWbemClassObject:Get (in: This=0xe327068, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c13390*=8, plFlavor=0x6c13394*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="physicalservetoo.exe", varVal2=0x0), pType=0x6c13390*=8, plFlavor=0x6c13394*=0) returned 0x0 [0169.004] SysStringByteLen (bstr="physicalservetoo.exe") returned 0x28 [0169.004] SysStringByteLen (bstr="physicalservetoo.exe") returned 0x28 [0169.004] CoTaskMemAlloc (cb=0x4) returned 0xc163f8 [0169.004] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc163f8, puReturned=0x6be9388 | out: apObjects=0xc163f8*=0xe327b90, puReturned=0x6be9388*=0x1) returned 0x0 [0169.005] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327b90) returned 0x0 [0169.006] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0169.006] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0169.006] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0169.006] IUnknown:AddRef (This=0xe327b90) returned 0x3 [0169.006] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0169.006] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0169.006] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe327b94) returned 0x0 [0169.006] IMarshal:GetUnmarshalClass (in: This=0xe327b94, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0169.006] IUnknown:Release (This=0xe327b94) returned 0x3 [0169.007] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0169.007] IUnknown:Release (This=0xe327b90) returned 0x2 [0169.007] IUnknown:QueryInterface (in: This=0xe327b90, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327b90) returned 0x0 [0169.007] IUnknown:AddRef (This=0xe327b90) returned 0x4 [0169.007] IUnknown:Release (This=0xe327b90) returned 0x3 [0169.007] IUnknown:Release (This=0xe327b90) returned 0x2 [0169.007] CoTaskMemFree (pv=0xc163f8) [0169.007] IUnknown:AddRef (This=0xe327b90) returned 0x3 [0169.007] IWbemClassObject:Get (in: This=0xe327b90, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0169.007] IWbemClassObject:Get (in: This=0xe327b90, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4188\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0169.007] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4188\"") returned 0x5e [0169.007] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4188\"") returned 0x5e [0169.008] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0169.008] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0169.008] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0169.008] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.009] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163d8) returned 0x0 [0169.009] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0169.009] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe323228) returned 0x0 [0169.009] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0169.009] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe323228) returned 0x0 [0169.009] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0169.009] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0169.010] WbemDefPath:IUnknown:AddRef (This=0xe323228) returned 0x3 [0169.010] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0169.010] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0169.010] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32c628) returned 0x0 [0169.010] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c628, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.010] WbemDefPath:IUnknown:Release (This=0xe32c628) returned 0x3 [0169.011] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0169.011] WbemDefPath:IUnknown:Release (This=0xe323228) returned 0x2 [0169.011] WbemDefPath:IUnknown:Release (This=0xe323228) returned 0x1 [0169.011] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323228, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe323228) returned 0x0 [0169.011] WbemDefPath:IUnknown:AddRef (This=0xe323228) returned 0x3 [0169.011] WbemDefPath:IUnknown:Release (This=0xe323228) returned 0x2 [0169.011] WbemDefPath:IWbemPath:SetText (This=0xe323228, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4188\"") returned 0x0 [0169.011] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0169.011] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0169.011] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.011] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0169.011] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0169.012] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.012] IWbemClassObject:Get (in: This=0xe327b90, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c13c68*=0, plFlavor=0x6c13c6c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gomeasure.exe", varVal2=0x0), pType=0x6c13c68*=8, plFlavor=0x6c13c6c*=0) returned 0x0 [0169.012] SysStringByteLen (bstr="gomeasure.exe") returned 0x1a [0169.012] SysStringByteLen (bstr="gomeasure.exe") returned 0x1a [0169.012] IWbemClassObject:Get (in: This=0xe327b90, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c13c68*=8, plFlavor=0x6c13c6c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gomeasure.exe", varVal2=0x0), pType=0x6c13c68*=8, plFlavor=0x6c13c6c*=0) returned 0x0 [0169.012] SysStringByteLen (bstr="gomeasure.exe") returned 0x1a [0169.012] SysStringByteLen (bstr="gomeasure.exe") returned 0x1a [0169.012] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0169.012] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6be9388 | out: apObjects=0xc16488*=0xe327860, puReturned=0x6be9388*=0x1) returned 0x0 [0169.013] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327860) returned 0x0 [0169.013] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0169.013] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0169.013] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0169.014] IUnknown:AddRef (This=0xe327860) returned 0x3 [0169.014] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0169.014] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0169.014] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe327864) returned 0x0 [0169.014] IMarshal:GetUnmarshalClass (in: This=0xe327864, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0169.014] IUnknown:Release (This=0xe327864) returned 0x3 [0169.014] IUnknown:QueryInterface (in: This=0xe327860, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0169.014] IUnknown:Release (This=0xe327860) returned 0x2 [0169.014] IUnknown:QueryInterface (in: This=0xe327860, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327860) returned 0x0 [0169.015] IUnknown:AddRef (This=0xe327860) returned 0x4 [0169.015] IUnknown:Release (This=0xe327860) returned 0x3 [0169.015] IUnknown:Release (This=0xe327860) returned 0x2 [0169.015] CoTaskMemFree (pv=0xc16488) [0169.015] IUnknown:AddRef (This=0xe327860) returned 0x3 [0169.015] IWbemClassObject:Get (in: This=0xe327860, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0169.015] IWbemClassObject:Get (in: This=0xe327860, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4404\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0169.015] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4404\"") returned 0x5e [0169.015] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4404\"") returned 0x5e [0169.015] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0169.015] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0169.015] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0169.015] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.017] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc16448) returned 0x0 [0169.017] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0169.017] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe323308) returned 0x0 [0169.017] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0169.017] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe323308) returned 0x0 [0169.017] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0169.017] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0169.018] WbemDefPath:IUnknown:AddRef (This=0xe323308) returned 0x3 [0169.018] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0169.018] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0169.018] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32c7f0) returned 0x0 [0169.018] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c7f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.018] WbemDefPath:IUnknown:Release (This=0xe32c7f0) returned 0x3 [0169.018] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0169.018] WbemDefPath:IUnknown:Release (This=0xe323308) returned 0x2 [0169.018] WbemDefPath:IUnknown:Release (This=0xe323308) returned 0x1 [0169.018] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323308, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe323308) returned 0x0 [0169.018] WbemDefPath:IUnknown:AddRef (This=0xe323308) returned 0x3 [0169.018] WbemDefPath:IUnknown:Release (This=0xe323308) returned 0x2 [0169.019] WbemDefPath:IWbemPath:SetText (This=0xe323308, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4404\"") returned 0x0 [0169.019] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0169.019] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0169.019] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.019] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0169.019] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0169.019] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.019] IWbemClassObject:Get (in: This=0xe327860, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c14520*=0, plFlavor=0x6c14524*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x6c14520*=8, plFlavor=0x6c14524*=0) returned 0x0 [0169.019] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0169.019] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0169.019] IWbemClassObject:Get (in: This=0xe327860, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c14520*=8, plFlavor=0x6c14524*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x6c14520*=8, plFlavor=0x6c14524*=0) returned 0x0 [0169.019] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0169.019] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0169.019] CoTaskMemAlloc (cb=0x4) returned 0xc16578 [0169.020] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16578, puReturned=0x6be9388 | out: apObjects=0xc16578*=0xe327200, puReturned=0x6be9388*=0x1) returned 0x0 [0169.020] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe327200) returned 0x0 [0169.021] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0169.021] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0169.021] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0169.021] IUnknown:AddRef (This=0xe327200) returned 0x3 [0169.021] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0169.021] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0169.021] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe327204) returned 0x0 [0169.021] IMarshal:GetUnmarshalClass (in: This=0xe327204, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0169.021] IUnknown:Release (This=0xe327204) returned 0x3 [0169.022] IUnknown:QueryInterface (in: This=0xe327200, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0169.022] IUnknown:Release (This=0xe327200) returned 0x2 [0169.022] IUnknown:QueryInterface (in: This=0xe327200, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe327200) returned 0x0 [0169.022] IUnknown:AddRef (This=0xe327200) returned 0x4 [0169.022] IUnknown:Release (This=0xe327200) returned 0x3 [0169.022] IUnknown:Release (This=0xe327200) returned 0x2 [0169.022] CoTaskMemFree (pv=0xc16578) [0169.022] IUnknown:AddRef (This=0xe327200) returned 0x3 [0169.022] IWbemClassObject:Get (in: This=0xe327200, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0169.022] IWbemClassObject:Get (in: This=0xe327200, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4844\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0169.022] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4844\"") returned 0x5e [0169.022] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4844\"") returned 0x5e [0169.022] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0169.023] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0169.023] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0169.023] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.024] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0169.024] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0169.024] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe3231b8) returned 0x0 [0169.024] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0169.024] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe3231b8) returned 0x0 [0169.024] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0169.024] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0169.025] WbemDefPath:IUnknown:AddRef (This=0xe3231b8) returned 0x3 [0169.025] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0169.025] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0169.025] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32c8b0) returned 0x0 [0169.025] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c8b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.025] WbemDefPath:IUnknown:Release (This=0xe32c8b0) returned 0x3 [0169.025] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0169.026] WbemDefPath:IUnknown:Release (This=0xe3231b8) returned 0x2 [0169.026] WbemDefPath:IUnknown:Release (This=0xe3231b8) returned 0x1 [0169.026] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3231b8, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe3231b8) returned 0x0 [0169.026] WbemDefPath:IUnknown:AddRef (This=0xe3231b8) returned 0x3 [0169.026] WbemDefPath:IUnknown:Release (This=0xe3231b8) returned 0x2 [0169.026] WbemDefPath:IWbemPath:SetText (This=0xe3231b8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4844\"") returned 0x0 [0169.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0169.026] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0169.034] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.034] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0169.034] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0169.034] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.035] IWbemClassObject:Get (in: This=0xe327200, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c14dd8*=0, plFlavor=0x6c14ddc*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="msfeedssync.exe", varVal2=0x0), pType=0x6c14dd8*=8, plFlavor=0x6c14ddc*=0) returned 0x0 [0169.035] SysStringByteLen (bstr="msfeedssync.exe") returned 0x1e [0169.035] SysStringByteLen (bstr="msfeedssync.exe") returned 0x1e [0169.035] IWbemClassObject:Get (in: This=0xe327200, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c14dd8*=8, plFlavor=0x6c14ddc*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="msfeedssync.exe", varVal2=0x0), pType=0x6c14dd8*=8, plFlavor=0x6c14ddc*=0) returned 0x0 [0169.035] SysStringByteLen (bstr="msfeedssync.exe") returned 0x1e [0169.035] SysStringByteLen (bstr="msfeedssync.exe") returned 0x1e [0169.035] CoTaskMemAlloc (cb=0x4) returned 0xc16548 [0169.035] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16548, puReturned=0x6be9388 | out: apObjects=0xc16548*=0xe334620, puReturned=0x6be9388*=0x1) returned 0x0 [0169.037] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe334620) returned 0x0 [0169.037] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0169.037] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0169.037] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dc7c | out: ppvObject=0x18dc7c*=0x0) returned 0x80004002 [0169.038] IUnknown:AddRef (This=0xe334620) returned 0x3 [0169.038] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0169.038] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0169.038] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe334624) returned 0x0 [0169.038] IMarshal:GetUnmarshalClass (in: This=0xe334624, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0169.038] IUnknown:Release (This=0xe334624) returned 0x3 [0169.038] IUnknown:QueryInterface (in: This=0xe334620, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de8c | out: ppvObject=0x18de8c*=0x0) returned 0x80004002 [0169.039] IUnknown:Release (This=0xe334620) returned 0x2 [0169.039] IUnknown:QueryInterface (in: This=0xe334620, riid=0x18e408*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e404 | out: ppvObject=0x18e404*=0xe334620) returned 0x0 [0169.039] IUnknown:AddRef (This=0xe334620) returned 0x4 [0169.039] IUnknown:Release (This=0xe334620) returned 0x3 [0169.039] IUnknown:Release (This=0xe334620) returned 0x2 [0169.039] CoTaskMemFree (pv=0xc16548) [0169.039] IUnknown:AddRef (This=0xe334620) returned 0x3 [0169.039] IWbemClassObject:Get (in: This=0xe334620, wszName="__GENUS", lFlags=0, pVal=0x18ea5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eadc*=0, plFlavor=0x18ead8*=0 | out: pVal=0x18ea5c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18eadc*=3, plFlavor=0x18ead8*=64) returned 0x0 [0169.040] IWbemClassObject:Get (in: This=0xe334620, wszName="__PATH", lFlags=0, pVal=0x18ea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eac4*=0, plFlavor=0x18eac0*=0 | out: pVal=0x18ea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"564\"", varVal2=0x0), pType=0x18eac4*=8, plFlavor=0x18eac0*=64) returned 0x0 [0169.040] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"564\"") returned 0x5c [0169.040] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"564\"") returned 0x5c [0169.040] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0169.040] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0169.040] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0169.040] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.042] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0169.042] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0169.042] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe323298) returned 0x0 [0169.042] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0169.042] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe323298) returned 0x0 [0169.042] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0169.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0169.043] WbemDefPath:IUnknown:AddRef (This=0xe323298) returned 0x3 [0169.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0169.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0169.043] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32c958) returned 0x0 [0169.043] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c958, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.045] WbemDefPath:IUnknown:Release (This=0xe32c958) returned 0x3 [0169.045] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0169.045] WbemDefPath:IUnknown:Release (This=0xe323298) returned 0x2 [0169.045] WbemDefPath:IUnknown:Release (This=0xe323298) returned 0x1 [0169.045] WbemDefPath:IUnknown:QueryInterface (in: This=0xe323298, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe323298) returned 0x0 [0169.045] WbemDefPath:IUnknown:AddRef (This=0xe323298) returned 0x3 [0169.045] WbemDefPath:IUnknown:Release (This=0xe323298) returned 0x2 [0169.045] WbemDefPath:IWbemPath:SetText (This=0xe323298, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"564\"") returned 0x0 [0169.045] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0169.046] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0169.046] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0169.046] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0169.046] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.046] IWbemClassObject:Get (in: This=0xe334620, wszName="Name", lFlags=0, pVal=0x18ea60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c15698*=0, plFlavor=0x6c1569c*=0 | out: pVal=0x18ea60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="vbc.exe", varVal2=0x0), pType=0x6c15698*=8, plFlavor=0x6c1569c*=0) returned 0x0 [0169.046] SysStringByteLen (bstr="vbc.exe") returned 0xe [0169.046] SysStringByteLen (bstr="vbc.exe") returned 0xe [0169.046] IWbemClassObject:Get (in: This=0xe334620, wszName="Name", lFlags=0, pVal=0x18ea68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c15698*=8, plFlavor=0x6c1569c*=0 | out: pVal=0x18ea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="vbc.exe", varVal2=0x0), pType=0x6c15698*=8, plFlavor=0x6c1569c*=0) returned 0x0 [0169.046] SysStringByteLen (bstr="vbc.exe") returned 0xe [0169.046] SysStringByteLen (bstr="vbc.exe") returned 0xe [0169.046] CoTaskMemAlloc (cb=0x4) returned 0xc16508 [0169.047] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16508, puReturned=0x6be9388 | out: apObjects=0xc16508*=0xe333498, puReturned=0x6be9388*=0x1) returned 0x0 [0169.048] IUnknown:QueryInterface (in: This=0xe333498, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0c8 | out: ppvObject=0x18e0c8*=0xe333498) returned 0x0 [0169.048] IUnknown:QueryInterface (in: This=0xe333498, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0169.049] IUnknown:QueryInterface (in: This=0xe333498, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18dea4 | out: ppvObject=0x18dea4*=0x0) returned 0x80004002 [0169.049] IUnknown:AddRef (This=0xe333498) returned 0x3 [0169.049] IUnknown:QueryInterface (in: This=0xe333498, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18d9dc | out: ppvObject=0x18d9dc*=0x0) returned 0x80004002 [0169.049] IUnknown:QueryInterface (in: This=0xe333498, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18d98c | out: ppvObject=0x18d98c*=0x0) returned 0x80004002 [0169.049] IUnknown:QueryInterface (in: This=0xe333498, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18d998 | out: ppvObject=0x18d998*=0xe33349c) returned 0x0 [0169.051] IMarshal:GetUnmarshalClass (in: This=0xe33349c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18d9a0 | out: pCid=0x18d9a0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0169.051] IUnknown:Release (This=0xe33349c) returned 0x3 [0169.051] IUnknown:Release (This=0xe333498) returned 0x2 [0169.051] IUnknown:AddRef (This=0xe333498) returned 0x4 [0169.051] IUnknown:Release (This=0xe333498) returned 0x3 [0169.051] IUnknown:Release (This=0xe333498) returned 0x2 [0169.051] CoTaskMemFree (pv=0xc16508) [0169.051] IUnknown:AddRef (This=0xe333498) returned 0x3 [0169.052] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4740\"") returned 0x5e [0169.052] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4740\"") returned 0x5e [0169.052] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ea6c | out: ppv=0x18ea6c*=0xb71a3c) returned 0x0 [0169.052] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ea64 | out: pAptType=0x18ea64*=1) returned 0x0 [0169.052] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ea68 | out: ppvObject=0x18ea68*=0x0) returned 0x80004002 [0169.053] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.060] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e3d0 | out: ppv=0x18e3d0*=0xc163b8) returned 0x0 [0169.060] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0169.060] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5f8 | out: ppvObject=0x18e5f8*=0xe335878) returned 0x0 [0169.060] WbemDefPath:IUnknown:Release (This=0xc163b8) returned 0x0 [0169.060] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e21c | out: ppvObject=0x18e21c*=0xe335878) returned 0x0 [0169.061] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e1d8 | out: ppvObject=0x18e1d8*=0x0) returned 0x80004002 [0169.061] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0169.061] WbemDefPath:IUnknown:AddRef (This=0xe335878) returned 0x3 [0169.061] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18db2c | out: ppvObject=0x18db2c*=0x0) returned 0x80004002 [0169.061] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dadc | out: ppvObject=0x18dadc*=0x0) returned 0x80004002 [0169.061] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dae8 | out: ppvObject=0x18dae8*=0xe32cc28) returned 0x0 [0169.061] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32cc28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18daf0 | out: pCid=0x18daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.062] WbemDefPath:IUnknown:Release (This=0xe32cc28) returned 0x3 [0169.062] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfdc | out: ppvObject=0x18dfdc*=0x0) returned 0x80004002 [0169.062] WbemDefPath:IUnknown:Release (This=0xe335878) returned 0x2 [0169.062] WbemDefPath:IUnknown:Release (This=0xe335878) returned 0x1 [0169.062] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335878, riid=0x18e918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18e914 | out: ppvObject=0x18e914*=0xe335878) returned 0x0 [0169.062] WbemDefPath:IUnknown:AddRef (This=0xe335878) returned 0x3 [0169.062] WbemDefPath:IUnknown:Release (This=0xe335878) returned 0x2 [0169.062] WbemDefPath:IWbemPath:SetText (This=0xe335878, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4740\"") returned 0x0 [0169.062] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea98 | out: puCount=0x18ea98*=0x2) returned 0x0 [0169.062] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0x0, pszText=0x0 | out: puBuffLength=0x18ea94*=0xf, pszText=0x0) returned 0x0 [0169.063] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.063] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ea64 | out: puCount=0x18ea64*=0x2) returned 0x0 [0169.063] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0x0, pszText=0x0 | out: puBuffLength=0x18ea60*=0xf, pszText=0x0) returned 0x0 [0169.063] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ea60*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ea60*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.063] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0169.064] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0169.064] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6be9388 | out: apObjects=0xc16468*=0x0, puReturned=0x6be9388*=0x0) returned 0x1 [0169.067] CoTaskMemFree (pv=0xc16468) [0169.067] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x1 [0169.067] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0169.069] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x1 [0169.069] IUnknown:Release (This=0xb7aa10) returned 0x0 [0169.096] CoTaskMemAlloc (cb=0x20c) returned 0xbdbda0 [0169.096] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xbdbda0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0169.098] CoTaskMemFree (pv=0xbdbda0) [0169.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0169.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0169.108] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x18e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x3c [0169.108] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\telegram desktop\\tdata\\*"), lpFindFileData=0x18e918 | out: lpFindFileData=0x18e918*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0169.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebb4) returned 1 [0169.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x18e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x3c [0169.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ee38) returned 1 [0169.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x18e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x3c [0169.119] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\telegram desktop\\tdata\\*"), lpFindFileData=0x18eb60 | out: lpFindFileData=0x18eb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0169.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edfc) returned 1 [0169.144] CoCreateGuid (in: pguid=0x18ebf8 | out: pguid=0x18ebf8*(Data1=0xe86f05b0, Data2=0xc132, Data3=0x4cee, Data4=([0]=0x9a, [1]=0xc6, [2]=0xfd, [3]=0xe, [4]=0xbd, [5]=0x34, [6]=0xbb, [7]=0x92))) returned 0x0 [0169.145] CoCreateGuid (in: pguid=0x18eb38 | out: pguid=0x18eb38*(Data1=0x343dfefc, Data2=0x1e94, Data3=0x46c4, Data4=([0]=0xaa, [1]=0x86, [2]=0x44, [3]=0x48, [4]=0xbe, [5]=0xcb, [6]=0xb0, [7]=0xba))) returned 0x0 [0169.146] send (s=0x348, buf=0x6bbe833*, len=167, flags=0) returned 167 [0169.147] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 128 [0169.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ede0 | out: puCount=0x18ede0*=0x2) returned 0x0 [0169.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eddc*=0x0, pszText=0x0 | out: puBuffLength=0x18eddc*=0xf, pszText=0x0) returned 0x0 [0169.271] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eddc*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eddc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.271] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed68 | out: ppv=0x18ed68*=0xb71a3c) returned 0x0 [0169.271] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed60 | out: pAptType=0x18ed60*=1) returned 0x0 [0169.271] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed64 | out: ppvObject=0x18ed64*=0x0) returned 0x80004002 [0169.271] IUnknown:Release (This=0xb71a3c) returned 0x1 [0169.272] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e978 | out: ppv=0x18e978*=0xe32ce08) returned 0x0 [0169.272] WbemLocator:IUnknown:QueryInterface (in: This=0xe32ce08, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb94 | out: ppvObject=0x18eb94*=0x0) returned 0x80004002 [0169.272] WbemLocator:IClassFactory:CreateInstance (in: This=0xe32ce08, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eba0 | out: ppvObject=0x18eba0*=0xc163f8) returned 0x0 [0169.272] WbemLocator:IUnknown:Release (This=0xe32ce08) returned 0x0 [0169.272] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7c4 | out: ppvObject=0x18e7c4*=0xc163f8) returned 0x0 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e780 | out: ppvObject=0x18e780*=0x0) returned 0x80004002 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e374 | out: ppvObject=0x18e374*=0x0) returned 0x80004002 [0169.273] WbemLocator:IUnknown:AddRef (This=0xc163f8) returned 0x3 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e084 | out: ppvObject=0x18e084*=0x0) returned 0x80004002 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e090 | out: ppvObject=0x18e090*=0x0) returned 0x80004002 [0169.273] CoGetContextToken (in: pToken=0x18e0f0 | out: pToken=0x18e0f0) returned 0x0 [0169.273] CoGetContextToken (in: pToken=0x18e4f8 | out: pToken=0x18e4f8) returned 0x0 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e584 | out: ppvObject=0x18e584*=0x0) returned 0x80004002 [0169.273] WbemLocator:IUnknown:Release (This=0xc163f8) returned 0x2 [0169.273] WbemLocator:IUnknown:Release (This=0xc163f8) returned 0x1 [0169.273] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0169.273] CoGetContextToken (in: pToken=0x18eae0 | out: pToken=0x18eae0) returned 0x0 [0169.273] WbemLocator:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x18ebb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18ebac | out: ppvObject=0x18ebac*=0xc163f8) returned 0x0 [0169.274] WbemLocator:IUnknown:AddRef (This=0xc163f8) returned 0x3 [0169.274] WbemLocator:IUnknown:Release (This=0xc163f8) returned 0x2 [0169.274] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed44 | out: puCount=0x18ed44*=0x2) returned 0x0 [0169.274] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ed40*=0x0, pszText=0x0 | out: puBuffLength=0x18ed40*=0xf, pszText=0x0) returned 0x0 [0169.274] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ed40*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed40*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.274] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18ec1c | out: ppv=0x18ec1c*=0xc164b8) returned 0x0 [0169.274] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc164b8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ecb0 | out: ppNamespace=0x18ecb0*=0xe330130) returned 0x0 [0169.312] WbemLocator:IUnknown:QueryInterface (in: This=0xe330130, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb44 | out: ppvObject=0x18eb44*=0xbbe7dc) returned 0x0 [0169.312] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbe7dc, pProxy=0xe330130, pAuthnSvc=0x18eb94, pAuthzSvc=0x18eb90, pServerPrincName=0x18eb88, pAuthnLevel=0x18eb8c, pImpLevel=0x18eb7c, pAuthInfo=0x18eb80, pCapabilites=0x18eb84 | out: pAuthnSvc=0x18eb94*=0xa, pAuthzSvc=0x18eb90*=0x0, pServerPrincName=0x18eb88, pAuthnLevel=0x18eb8c*=0x6, pImpLevel=0x18eb7c*=0x2, pAuthInfo=0x18eb80, pCapabilites=0x18eb84*=0x1) returned 0x0 [0169.312] WbemLocator:IUnknown:Release (This=0xbbe7dc) returned 0x1 [0169.312] WbemLocator:IUnknown:QueryInterface (in: This=0xe330130, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb38 | out: ppvObject=0x18eb38*=0xbbe800) returned 0x0 [0169.312] WbemLocator:IUnknown:QueryInterface (in: This=0xe330130, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0xbbe7dc) returned 0x0 [0169.312] WbemLocator:IClientSecurity:SetBlanket (This=0xbbe7dc, pProxy=0xe330130, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0169.312] WbemLocator:IUnknown:Release (This=0xbbe7dc) returned 0x2 [0169.313] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x1 [0169.313] CoTaskMemFree (pv=0xe2f2dc8) [0169.313] WbemLocator:IUnknown:Release (This=0xc164b8) returned 0x0 [0169.313] WbemLocator:IUnknown:QueryInterface (in: This=0xe330130, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e734 | out: ppvObject=0x18e734*=0xbbe800) returned 0x0 [0169.313] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6f0 | out: ppvObject=0x18e6f0*=0x0) returned 0x80004002 [0169.314] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0x0) returned 0x80004002 [0169.317] WbemLocator:IUnknown:QueryInterface (in: This=0xe330130, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0169.318] WbemLocator:IUnknown:AddRef (This=0xbbe800) returned 0x3 [0169.318] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e044 | out: ppvObject=0x18e044*=0x0) returned 0x80004002 [0169.318] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dff4 | out: ppvObject=0x18dff4*=0x0) returned 0x80004002 [0169.318] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e000 | out: ppvObject=0x18e000*=0xbbe75c) returned 0x0 [0169.319] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe75c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e008 | out: pCid=0x18e008*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.319] WbemLocator:IUnknown:Release (This=0xbbe75c) returned 0x3 [0169.319] CoGetContextToken (in: pToken=0x18e060 | out: pToken=0x18e060) returned 0x0 [0169.319] CoGetContextToken (in: pToken=0x18e468 | out: pToken=0x18e468) returned 0x0 [0169.319] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4f4 | out: ppvObject=0x18e4f4*=0xbbe7e4) returned 0x0 [0169.319] WbemLocator:IRpcOptions:Query (in: This=0xbbe7e4, pPrx=0xbbe800, dwProperty=2, pdwValue=0x18e500 | out: pdwValue=0x18e500) returned 0x80004002 [0169.319] WbemLocator:IUnknown:Release (This=0xbbe7e4) returned 0x3 [0169.319] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x2 [0169.319] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0169.319] CoGetContextToken (in: pToken=0x18e9a8 | out: pToken=0x18e9a8) returned 0x0 [0169.319] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x18ea78*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18ea74 | out: ppvObject=0x18ea74*=0xe330130) returned 0x0 [0169.319] WbemLocator:IUnknown:AddRef (This=0xe330130) returned 0x4 [0169.319] WbemLocator:IUnknown:Release (This=0xe330130) returned 0x3 [0169.319] WbemLocator:IUnknown:Release (This=0xe330130) returned 0x2 [0169.320] SysStringLen (param_1=0x0) returned 0x0 [0169.320] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0169.320] WbemLocator:IUnknown:AddRef (This=0xbbe800) returned 0x3 [0169.320] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe800, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0xbbe800) returned 0x0 [0169.320] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x3 [0169.320] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x2 [0169.320] CoGetContextToken (in: pToken=0x18eb40 | out: pToken=0x18eb40) returned 0x0 [0169.320] WbemLocator:IUnknown:AddRef (This=0xe330130) returned 0x3 [0169.320] IWbemServices:ExecQuery (in: This=0xe330130, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x18ed50 | out: ppEnum=0x18ed50*=0xb7aa10) returned 0x0 [0169.359] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebac | out: ppvObject=0x18ebac*=0xb7aa14) returned 0x0 [0169.359] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ebfc, pAuthzSvc=0x18ebf8, pServerPrincName=0x18ebf0, pAuthnLevel=0x18ebf4, pImpLevel=0x18ebe4, pAuthInfo=0x18ebe8, pCapabilites=0x18ebec | out: pAuthnSvc=0x18ebfc*=0xa, pAuthzSvc=0x18ebf8*=0x0, pServerPrincName=0x18ebf0, pAuthnLevel=0x18ebf4*=0x6, pImpLevel=0x18ebe4*=0x2, pAuthInfo=0x18ebe8, pCapabilites=0x18ebec*=0x1) returned 0x0 [0169.359] IUnknown:Release (This=0xb7aa14) returned 0x1 [0169.359] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eba0 | out: ppvObject=0x18eba0*=0xbbf600) returned 0x0 [0169.359] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb8c | out: ppvObject=0x18eb8c*=0xb7aa14) returned 0x0 [0169.359] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0169.361] IUnknown:Release (This=0xb7aa14) returned 0x2 [0169.361] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0169.361] CoTaskMemFree (pv=0xe2f2a08) [0169.361] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e798 | out: ppvObject=0x18e798*=0xbbf600) returned 0x0 [0169.361] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0x0) returned 0x80004002 [0169.362] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e574 | out: ppvObject=0x18e574*=0x0) returned 0x80004002 [0169.362] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e34c | out: ppvObject=0x18e34c*=0x0) returned 0x80004002 [0169.363] WbemLocator:IUnknown:AddRef (This=0xbbf600) returned 0x3 [0169.363] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0ac | out: ppvObject=0x18e0ac*=0x0) returned 0x80004002 [0169.363] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e05c | out: ppvObject=0x18e05c*=0x0) returned 0x80004002 [0169.363] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e068 | out: ppvObject=0x18e068*=0xbbf55c) returned 0x0 [0169.363] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf55c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e070 | out: pCid=0x18e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.363] WbemLocator:IUnknown:Release (This=0xbbf55c) returned 0x3 [0169.363] CoGetContextToken (in: pToken=0x18e0c8 | out: pToken=0x18e0c8) returned 0x0 [0169.364] CoGetContextToken (in: pToken=0x18e4d0 | out: pToken=0x18e4d0) returned 0x0 [0169.364] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e55c | out: ppvObject=0x18e55c*=0xbbf5e4) returned 0x0 [0169.364] WbemLocator:IRpcOptions:Query (in: This=0xbbf5e4, pPrx=0xbbf600, dwProperty=2, pdwValue=0x18e568 | out: pdwValue=0x18e568) returned 0x80004002 [0169.364] WbemLocator:IUnknown:Release (This=0xbbf5e4) returned 0x3 [0169.364] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x2 [0169.364] CoGetContextToken (in: pToken=0x18eaa8 | out: pToken=0x18eaa8) returned 0x0 [0169.364] CoGetContextToken (in: pToken=0x18ea08 | out: pToken=0x18ea08) returned 0x0 [0169.364] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x18ead8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ead4 | out: ppvObject=0x18ead4*=0xb7aa10) returned 0x0 [0169.364] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0169.364] IUnknown:Release (This=0xb7aa10) returned 0x3 [0169.364] IUnknown:Release (This=0xb7aa10) returned 0x2 [0169.364] WbemLocator:IUnknown:Release (This=0xe330130) returned 0x2 [0169.364] SysStringLen (param_1=0x0) returned 0x0 [0169.364] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed9c | out: puCount=0x18ed9c*=0x2) returned 0x0 [0169.364] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed98*=0x0, pszText=0x0 | out: puBuffLength=0x18ed98*=0xf, pszText=0x0) returned 0x0 [0169.365] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.365] CoGetContextToken (in: pToken=0x18ebe8 | out: pToken=0x18ebe8) returned 0x0 [0169.365] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0169.365] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18eda8 | out: ppEnum=0x18eda8*=0xb7a3d0) returned 0x0 [0169.366] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec64 | out: ppvObject=0x18ec64*=0xb7a3d4) returned 0x0 [0169.366] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18ecb4, pAuthzSvc=0x18ecb0, pServerPrincName=0x18eca8, pAuthnLevel=0x18ecac, pImpLevel=0x18ec9c, pAuthInfo=0x18eca0, pCapabilites=0x18eca4 | out: pAuthnSvc=0x18ecb4*=0xa, pAuthzSvc=0x18ecb0*=0x0, pServerPrincName=0x18eca8, pAuthnLevel=0x18ecac*=0x6, pImpLevel=0x18ec9c*=0x2, pAuthInfo=0x18eca0, pCapabilites=0x18eca4*=0x1) returned 0x0 [0169.366] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0169.366] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec58 | out: ppvObject=0x18ec58*=0xbbec00) returned 0x0 [0169.366] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec44 | out: ppvObject=0x18ec44*=0xb7a3d4) returned 0x0 [0169.366] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0169.368] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0169.369] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0169.369] CoTaskMemFree (pv=0xe2f2c78) [0169.369] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e840 | out: ppvObject=0x18e840*=0xbbec00) returned 0x0 [0169.369] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e7fc | out: ppvObject=0x18e7fc*=0x0) returned 0x80004002 [0169.436] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e61c | out: ppvObject=0x18e61c*=0x0) returned 0x80004002 [0169.436] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e3f4 | out: ppvObject=0x18e3f4*=0x0) returned 0x80004002 [0169.437] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0169.437] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e154 | out: ppvObject=0x18e154*=0x0) returned 0x80004002 [0169.437] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e104 | out: ppvObject=0x18e104*=0x0) returned 0x80004002 [0169.437] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e110 | out: ppvObject=0x18e110*=0xbbeb5c) returned 0x0 [0169.437] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbeb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e118 | out: pCid=0x18e118*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.437] WbemLocator:IUnknown:Release (This=0xbbeb5c) returned 0x3 [0169.437] CoGetContextToken (in: pToken=0x18e170 | out: pToken=0x18e170) returned 0x0 [0169.438] CoGetContextToken (in: pToken=0x18e578 | out: pToken=0x18e578) returned 0x0 [0169.438] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e604 | out: ppvObject=0x18e604*=0xbbebe4) returned 0x0 [0169.438] WbemLocator:IRpcOptions:Query (in: This=0xbbebe4, pPrx=0xbbec00, dwProperty=2, pdwValue=0x18e610 | out: pdwValue=0x18e610) returned 0x80004002 [0169.438] WbemLocator:IUnknown:Release (This=0xbbebe4) returned 0x3 [0169.438] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0169.438] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0169.438] CoGetContextToken (in: pToken=0x18eab0 | out: pToken=0x18eab0) returned 0x0 [0169.438] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x18eb80*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb7c | out: ppvObject=0x18eb7c*=0xb7a3d0) returned 0x0 [0169.438] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0169.438] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0169.438] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0169.438] IUnknown:Release (This=0xb7aa10) returned 0x2 [0169.438] SysStringLen (param_1=0x0) returned 0x0 [0169.438] IEnumWbemClassObject:Reset (This=0xb7a3d0) returned 0x0 [0169.439] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0169.439] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6c18ba8 | out: apObjects=0xc16488*=0xe3337c8, puReturned=0x6c18ba8*=0x1) returned 0x0 [0173.368] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e400 | out: ppvObject=0x18e400*=0xe3337c8) returned 0x0 [0173.368] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e3bc | out: ppvObject=0x18e3bc*=0x0) returned 0x80004002 [0173.368] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1dc | out: ppvObject=0x18e1dc*=0x0) returned 0x80004002 [0173.368] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18dfb4 | out: ppvObject=0x18dfb4*=0x0) returned 0x80004002 [0173.369] IUnknown:AddRef (This=0xe3337c8) returned 0x3 [0173.369] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dd14 | out: ppvObject=0x18dd14*=0x0) returned 0x80004002 [0173.369] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dcc4 | out: ppvObject=0x18dcc4*=0x0) returned 0x80004002 [0173.369] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dcd0 | out: ppvObject=0x18dcd0*=0xe3337cc) returned 0x0 [0173.369] IMarshal:GetUnmarshalClass (in: This=0xe3337cc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dcd8 | out: pCid=0x18dcd8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0173.369] IUnknown:Release (This=0xe3337cc) returned 0x3 [0173.369] CoGetContextToken (in: pToken=0x18dd30 | out: pToken=0x18dd30) returned 0x0 [0173.369] CoGetContextToken (in: pToken=0x18e138 | out: pToken=0x18e138) returned 0x0 [0173.369] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e1c4 | out: ppvObject=0x18e1c4*=0x0) returned 0x80004002 [0173.370] IUnknown:Release (This=0xe3337c8) returned 0x2 [0173.370] CoGetContextToken (in: pToken=0x18e710 | out: pToken=0x18e710) returned 0x0 [0173.370] CoGetContextToken (in: pToken=0x18e670 | out: pToken=0x18e670) returned 0x0 [0173.370] IUnknown:QueryInterface (in: This=0xe3337c8, riid=0x18e740*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e73c | out: ppvObject=0x18e73c*=0xe3337c8) returned 0x0 [0173.370] IUnknown:AddRef (This=0xe3337c8) returned 0x4 [0173.370] IUnknown:Release (This=0xe3337c8) returned 0x3 [0173.370] IUnknown:Release (This=0xe3337c8) returned 0x2 [0173.370] CoTaskMemFree (pv=0xc16488) [0173.370] CoGetContextToken (in: pToken=0x18ea88 | out: pToken=0x18ea88) returned 0x0 [0173.370] IUnknown:AddRef (This=0xe3337c8) returned 0x3 [0173.371] IWbemClassObject:Get (in: This=0xe3337c8, wszName="__GENUS", lFlags=0, pVal=0x18ed98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ee18*=0, plFlavor=0x18ee14*=0 | out: pVal=0x18ed98*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ee18*=3, plFlavor=0x18ee14*=64) returned 0x0 [0173.371] IWbemClassObject:Get (in: This=0xe3337c8, wszName="__PATH", lFlags=0, pVal=0x18ed7c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ee00*=0, plFlavor=0x18edfc*=0 | out: pVal=0x18ed7c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x18ee00*=8, plFlavor=0x18edfc*=64) returned 0x0 [0173.372] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0173.372] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0173.372] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18eda8 | out: ppv=0x18eda8*=0xb71a3c) returned 0x0 [0173.372] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18eda0 | out: pAptType=0x18eda0*=1) returned 0x0 [0173.373] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18eda4 | out: ppvObject=0x18eda4*=0x0) returned 0x80004002 [0173.373] IUnknown:Release (This=0xb71a3c) returned 0x1 [0173.376] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e710 | out: ppv=0x18e710*=0xc163c8) returned 0x0 [0173.376] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e92c | out: ppvObject=0x18e92c*=0x0) returned 0x80004002 [0173.377] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e938 | out: ppvObject=0x18e938*=0xe335b18) returned 0x0 [0173.377] WbemDefPath:IUnknown:Release (This=0xc163c8) returned 0x0 [0173.377] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e55c | out: ppvObject=0x18e55c*=0xe335b18) returned 0x0 [0173.377] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e518 | out: ppvObject=0x18e518*=0x0) returned 0x80004002 [0173.377] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e10c | out: ppvObject=0x18e10c*=0x0) returned 0x80004002 [0173.377] WbemDefPath:IUnknown:AddRef (This=0xe335b18) returned 0x3 [0173.378] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de6c | out: ppvObject=0x18de6c*=0x0) returned 0x80004002 [0173.378] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0173.378] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de28 | out: ppvObject=0x18de28*=0xe339268) returned 0x0 [0173.378] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339268, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18de30 | out: pCid=0x18de30*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.378] WbemDefPath:IUnknown:Release (This=0xe339268) returned 0x3 [0173.378] CoGetContextToken (in: pToken=0x18de88 | out: pToken=0x18de88) returned 0x0 [0173.378] CoGetContextToken (in: pToken=0x18e290 | out: pToken=0x18e290) returned 0x0 [0173.378] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e31c | out: ppvObject=0x18e31c*=0x0) returned 0x80004002 [0173.378] WbemDefPath:IUnknown:Release (This=0xe335b18) returned 0x2 [0173.378] WbemDefPath:IUnknown:Release (This=0xe335b18) returned 0x1 [0173.378] CoGetContextToken (in: pToken=0x18ec20 | out: pToken=0x18ec20) returned 0x0 [0173.378] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0173.379] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335b18, riid=0x18ec50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec4c | out: ppvObject=0x18ec4c*=0xe335b18) returned 0x0 [0173.379] WbemDefPath:IUnknown:AddRef (This=0xe335b18) returned 0x3 [0173.379] WbemDefPath:IUnknown:Release (This=0xe335b18) returned 0x2 [0173.379] WbemDefPath:IWbemPath:SetText (This=0xe335b18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0173.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18edd4 | out: puCount=0x18edd4*=0x2) returned 0x0 [0173.379] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18edd0*=0x0, pszText=0x0 | out: puBuffLength=0x18edd0*=0xf, pszText=0x0) returned 0x0 [0173.379] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18edd0*=0xf, pszText="00000000000000" | out: puBuffLength=0x18edd0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.390] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0173.390] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0173.390] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.390] IWbemClassObject:Get (in: This=0xe3337c8, wszName="Name", lFlags=0, pVal=0x18ed9c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c19418*=0, plFlavor=0x6c1941c*=0 | out: pVal=0x18ed9c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x6c19418*=8, plFlavor=0x6c1941c*=0) returned 0x0 [0173.390] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0173.390] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0173.390] IWbemClassObject:Get (in: This=0xe3337c8, wszName="Name", lFlags=0, pVal=0x18eda4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c19418*=8, plFlavor=0x6c1941c*=0 | out: pVal=0x18eda4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x6c19418*=8, plFlavor=0x6c1941c*=0) returned 0x0 [0173.391] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0173.391] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0173.397] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0173.397] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0173.397] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.397] IWbemClassObject:Get (in: This=0xe3337c8, wszName="NumberOfCores", lFlags=0, pVal=0x18ed9c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c19598*=0, plFlavor=0x6c1959c*=0 | out: pVal=0x18ed9c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x6c19598*=19, plFlavor=0x6c1959c*=0) returned 0x0 [0173.397] IWbemClassObject:Get (in: This=0xe3337c8, wszName="NumberOfCores", lFlags=0, pVal=0x18eda4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c19598*=19, plFlavor=0x6c1959c*=0 | out: pVal=0x18eda4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x6c19598*=19, plFlavor=0x6c1959c*=0) returned 0x0 [0173.426] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0173.426] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6c18ba8 | out: apObjects=0xc164b8*=0x0, puReturned=0x6c18ba8*=0x0) returned 0x1 [0173.428] CoTaskMemFree (pv=0xc164b8) [0173.428] CoGetContextToken (in: pToken=0x18ecc8 | out: pToken=0x18ecc8) returned 0x0 [0173.428] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0173.428] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0173.432] CoGetContextToken (in: pToken=0x18ecc8 | out: pToken=0x18ecc8) returned 0x0 [0173.432] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0173.432] IUnknown:Release (This=0xb7aa10) returned 0x0 [0173.549] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed98 | out: ppv=0x18ed98*=0xb71a3c) returned 0x0 [0173.549] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed90 | out: pAptType=0x18ed90*=1) returned 0x0 [0173.549] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed94 | out: ppvObject=0x18ed94*=0x0) returned 0x80004002 [0173.549] IUnknown:Release (This=0xb71a3c) returned 0x1 [0173.550] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e700 | out: ppv=0x18e700*=0xc16578) returned 0x0 [0173.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e91c | out: ppvObject=0x18e91c*=0x0) returned 0x80004002 [0173.551] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16578, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e928 | out: ppvObject=0x18e928*=0xe335108) returned 0x0 [0173.551] WbemDefPath:IUnknown:Release (This=0xc16578) returned 0x0 [0173.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e54c | out: ppvObject=0x18e54c*=0xe335108) returned 0x0 [0173.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e508 | out: ppvObject=0x18e508*=0x0) returned 0x80004002 [0173.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0fc | out: ppvObject=0x18e0fc*=0x0) returned 0x80004002 [0173.551] WbemDefPath:IUnknown:AddRef (This=0xe335108) returned 0x3 [0173.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de5c | out: ppvObject=0x18de5c*=0x0) returned 0x80004002 [0173.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18de0c | out: ppvObject=0x18de0c*=0x0) returned 0x80004002 [0173.552] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de18 | out: ppvObject=0x18de18*=0xe3391a8) returned 0x0 [0173.552] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3391a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18de20 | out: pCid=0x18de20*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.552] WbemDefPath:IUnknown:Release (This=0xe3391a8) returned 0x3 [0173.552] CoGetContextToken (in: pToken=0x18de78 | out: pToken=0x18de78) returned 0x0 [0173.552] CoGetContextToken (in: pToken=0x18e280 | out: pToken=0x18e280) returned 0x0 [0173.552] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e30c | out: ppvObject=0x18e30c*=0x0) returned 0x80004002 [0173.552] WbemDefPath:IUnknown:Release (This=0xe335108) returned 0x2 [0173.552] WbemDefPath:IUnknown:Release (This=0xe335108) returned 0x1 [0173.552] CoGetContextToken (in: pToken=0x18ec10 | out: pToken=0x18ec10) returned 0x0 [0173.552] CoGetContextToken (in: pToken=0x18eb70 | out: pToken=0x18eb70) returned 0x0 [0173.552] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335108, riid=0x18ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec3c | out: ppvObject=0x18ec3c*=0xe335108) returned 0x0 [0173.552] WbemDefPath:IUnknown:AddRef (This=0xe335108) returned 0x3 [0173.552] WbemDefPath:IUnknown:Release (This=0xe335108) returned 0x2 [0173.552] WbemDefPath:IWbemPath:SetText (This=0xe335108, uMode=0x4, pszPath="root\\CIMV2") returned 0x0 [0173.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe335108, puCount=0x18edc0 | out: puCount=0x18edc0*=0x2) returned 0x0 [0173.553] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18edbc*=0x0, pszText=0x0 | out: puBuffLength=0x18edbc*=0xf, pszText=0x0) returned 0x0 [0173.553] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x18edbc*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0173.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe335108, puCount=0x18edac | out: puCount=0x18edac*=0x2) returned 0x0 [0173.553] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18eda8*=0x0, pszText=0x0 | out: puBuffLength=0x18eda8*=0xf, pszText=0x0) returned 0x0 [0173.553] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18eda8*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eda8*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0173.553] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed3c | out: ppv=0x18ed3c*=0xb71a3c) returned 0x0 [0173.553] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed34 | out: pAptType=0x18ed34*=1) returned 0x0 [0173.553] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed38 | out: ppvObject=0x18ed38*=0x0) returned 0x80004002 [0173.553] IUnknown:Release (This=0xb71a3c) returned 0x1 [0173.554] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e948 | out: ppv=0x18e948*=0xe339160) returned 0x0 [0173.554] WbemLocator:IUnknown:QueryInterface (in: This=0xe339160, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb64 | out: ppvObject=0x18eb64*=0x0) returned 0x80004002 [0173.554] WbemLocator:IClassFactory:CreateInstance (in: This=0xe339160, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb70 | out: ppvObject=0x18eb70*=0xc16418) returned 0x0 [0173.554] WbemLocator:IUnknown:Release (This=0xe339160) returned 0x0 [0173.554] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e794 | out: ppvObject=0x18e794*=0xc16418) returned 0x0 [0173.554] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e750 | out: ppvObject=0x18e750*=0x0) returned 0x80004002 [0173.554] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e344 | out: ppvObject=0x18e344*=0x0) returned 0x80004002 [0173.555] WbemLocator:IUnknown:AddRef (This=0xc16418) returned 0x3 [0173.555] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0a4 | out: ppvObject=0x18e0a4*=0x0) returned 0x80004002 [0173.555] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e054 | out: ppvObject=0x18e054*=0x0) returned 0x80004002 [0173.555] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e060 | out: ppvObject=0x18e060*=0x0) returned 0x80004002 [0173.555] CoGetContextToken (in: pToken=0x18e0c0 | out: pToken=0x18e0c0) returned 0x0 [0173.555] CoGetContextToken (in: pToken=0x18e4c8 | out: pToken=0x18e4c8) returned 0x0 [0173.555] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e554 | out: ppvObject=0x18e554*=0x0) returned 0x80004002 [0173.555] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x2 [0173.555] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x1 [0173.555] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0173.555] CoGetContextToken (in: pToken=0x18eab0 | out: pToken=0x18eab0) returned 0x0 [0173.555] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x18eb80*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb7c | out: ppvObject=0x18eb7c*=0xc16418) returned 0x0 [0173.555] WbemLocator:IUnknown:AddRef (This=0xc16418) returned 0x3 [0173.555] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x2 [0173.556] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe335108, puCount=0x18ed18 | out: puCount=0x18ed18*=0x2) returned 0x0 [0173.556] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=8, puBuffLength=0x18ed14*=0x0, pszText=0x0 | out: puBuffLength=0x18ed14*=0xf, pszText=0x0) returned 0x0 [0173.556] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=8, puBuffLength=0x18ed14*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed14*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0173.556] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18ebf0 | out: ppv=0x18ebf0*=0xc16578) returned 0x0 [0173.556] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc16578, strNetworkResource="\\\\.\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec84 | out: ppNamespace=0x18ec84*=0xe330040) returned 0x0 [0173.595] WbemLocator:IUnknown:QueryInterface (in: This=0xe330040, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb18 | out: ppvObject=0x18eb18*=0xbbebdc) returned 0x0 [0173.595] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbebdc, pProxy=0xe330040, pAuthnSvc=0x18eb68, pAuthzSvc=0x18eb64, pServerPrincName=0x18eb5c, pAuthnLevel=0x18eb60, pImpLevel=0x18eb50, pAuthInfo=0x18eb54, pCapabilites=0x18eb58 | out: pAuthnSvc=0x18eb68*=0xa, pAuthzSvc=0x18eb64*=0x0, pServerPrincName=0x18eb5c, pAuthnLevel=0x18eb60*=0x6, pImpLevel=0x18eb50*=0x2, pAuthInfo=0x18eb54, pCapabilites=0x18eb58*=0x1) returned 0x0 [0173.595] WbemLocator:IUnknown:Release (This=0xbbebdc) returned 0x1 [0173.595] WbemLocator:IUnknown:QueryInterface (in: This=0xe330040, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb0c | out: ppvObject=0x18eb0c*=0xbbec00) returned 0x0 [0173.595] WbemLocator:IUnknown:QueryInterface (in: This=0xe330040, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaf8 | out: ppvObject=0x18eaf8*=0xbbebdc) returned 0x0 [0173.595] WbemLocator:IClientSecurity:SetBlanket (This=0xbbebdc, pProxy=0xe330040, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.596] WbemLocator:IUnknown:Release (This=0xbbebdc) returned 0x2 [0173.596] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0173.596] CoTaskMemFree (pv=0xe2f2b58) [0173.596] WbemLocator:IUnknown:Release (This=0xc16578) returned 0x0 [0173.596] WbemLocator:IUnknown:QueryInterface (in: This=0xe330040, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e708 | out: ppvObject=0x18e708*=0xbbec00) returned 0x0 [0173.596] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6c4 | out: ppvObject=0x18e6c4*=0x0) returned 0x80004002 [0173.599] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e4e4 | out: ppvObject=0x18e4e4*=0x0) returned 0x80004002 [0173.600] WbemLocator:IUnknown:QueryInterface (in: This=0xe330040, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2bc | out: ppvObject=0x18e2bc*=0x0) returned 0x80004002 [0173.602] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0173.602] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e01c | out: ppvObject=0x18e01c*=0x0) returned 0x80004002 [0173.602] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfcc | out: ppvObject=0x18dfcc*=0x0) returned 0x80004002 [0173.602] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfd8 | out: ppvObject=0x18dfd8*=0xbbeb5c) returned 0x0 [0173.602] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbeb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dfe0 | out: pCid=0x18dfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.602] WbemLocator:IUnknown:Release (This=0xbbeb5c) returned 0x3 [0173.602] CoGetContextToken (in: pToken=0x18e038 | out: pToken=0x18e038) returned 0x0 [0173.602] CoGetContextToken (in: pToken=0x18e440 | out: pToken=0x18e440) returned 0x0 [0173.602] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4cc | out: ppvObject=0x18e4cc*=0xbbebe4) returned 0x0 [0173.603] WbemLocator:IRpcOptions:Query (in: This=0xbbebe4, pPrx=0xbbec00, dwProperty=2, pdwValue=0x18e4d8 | out: pdwValue=0x18e4d8) returned 0x80004002 [0173.603] WbemLocator:IUnknown:Release (This=0xbbebe4) returned 0x3 [0173.603] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0173.603] CoGetContextToken (in: pToken=0x18ea18 | out: pToken=0x18ea18) returned 0x0 [0173.603] CoGetContextToken (in: pToken=0x18e978 | out: pToken=0x18e978) returned 0x0 [0173.603] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x18ea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18ea44 | out: ppvObject=0x18ea44*=0xe330040) returned 0x0 [0173.603] WbemLocator:IUnknown:AddRef (This=0xe330040) returned 0x4 [0173.603] WbemLocator:IUnknown:Release (This=0xe330040) returned 0x3 [0173.603] WbemLocator:IUnknown:Release (This=0xe330040) returned 0x2 [0173.603] SysStringLen (param_1=0x0) returned 0x0 [0173.603] CoGetContextToken (in: pToken=0x18ea20 | out: pToken=0x18ea20) returned 0x0 [0173.604] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0173.604] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8b4 | out: ppvObject=0x18e8b4*=0xbbec00) returned 0x0 [0173.604] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x3 [0173.604] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0173.604] CoGetContextToken (in: pToken=0x18eb08 | out: pToken=0x18eb08) returned 0x0 [0173.604] WbemLocator:IUnknown:AddRef (This=0xe330040) returned 0x3 [0173.604] IWbemServices:ExecQuery (in: This=0xe330040, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x18ed24 | out: ppEnum=0x18ed24*=0xb7aa10) returned 0x0 [0173.671] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb74 | out: ppvObject=0x18eb74*=0xb7aa14) returned 0x0 [0173.672] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ebc4, pAuthzSvc=0x18ebc0, pServerPrincName=0x18ebb8, pAuthnLevel=0x18ebbc, pImpLevel=0x18ebac, pAuthInfo=0x18ebb0, pCapabilites=0x18ebb4 | out: pAuthnSvc=0x18ebc4*=0xa, pAuthzSvc=0x18ebc0*=0x0, pServerPrincName=0x18ebb8, pAuthnLevel=0x18ebbc*=0x6, pImpLevel=0x18ebac*=0x2, pAuthInfo=0x18ebb0, pCapabilites=0x18ebb4*=0x1) returned 0x0 [0173.672] IUnknown:Release (This=0xb7aa14) returned 0x1 [0173.672] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb68 | out: ppvObject=0x18eb68*=0xbbed00) returned 0x0 [0173.672] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb54 | out: ppvObject=0x18eb54*=0xb7aa14) returned 0x0 [0173.672] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.678] IUnknown:Release (This=0xb7aa14) returned 0x2 [0173.678] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x1 [0173.678] CoTaskMemFree (pv=0xe2f2be8) [0173.678] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e760 | out: ppvObject=0x18e760*=0xbbed00) returned 0x0 [0173.679] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e71c | out: ppvObject=0x18e71c*=0x0) returned 0x80004002 [0173.679] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e53c | out: ppvObject=0x18e53c*=0x0) returned 0x80004002 [0173.679] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e314 | out: ppvObject=0x18e314*=0x0) returned 0x80004002 [0173.680] WbemLocator:IUnknown:AddRef (This=0xbbed00) returned 0x3 [0173.680] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e074 | out: ppvObject=0x18e074*=0x0) returned 0x80004002 [0173.680] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e024 | out: ppvObject=0x18e024*=0x0) returned 0x80004002 [0173.680] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e030 | out: ppvObject=0x18e030*=0xbbec5c) returned 0x0 [0173.680] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbec5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e038 | out: pCid=0x18e038*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.680] WbemLocator:IUnknown:Release (This=0xbbec5c) returned 0x3 [0173.680] CoGetContextToken (in: pToken=0x18e090 | out: pToken=0x18e090) returned 0x0 [0173.681] CoGetContextToken (in: pToken=0x18e498 | out: pToken=0x18e498) returned 0x0 [0173.681] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbbece4) returned 0x0 [0173.681] WbemLocator:IRpcOptions:Query (in: This=0xbbece4, pPrx=0xbbed00, dwProperty=2, pdwValue=0x18e530 | out: pdwValue=0x18e530) returned 0x80004002 [0173.681] WbemLocator:IUnknown:Release (This=0xbbece4) returned 0x3 [0173.681] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x2 [0173.681] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0173.681] CoGetContextToken (in: pToken=0x18e9d0 | out: pToken=0x18e9d0) returned 0x0 [0173.681] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x18eaa0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea9c | out: ppvObject=0x18ea9c*=0xb7aa10) returned 0x0 [0173.681] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0173.681] IUnknown:Release (This=0xb7aa10) returned 0x3 [0173.681] IUnknown:Release (This=0xb7aa10) returned 0x2 [0173.681] WbemLocator:IUnknown:Release (This=0xe330040) returned 0x2 [0173.681] SysStringLen (param_1=0x0) returned 0x0 [0173.682] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe335108, puCount=0x18ed70 | out: puCount=0x18ed70*=0x2) returned 0x0 [0173.682] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18ed6c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed6c*=0xf, pszText=0x0) returned 0x0 [0173.682] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18ed6c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed6c*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0173.682] CoGetContextToken (in: pToken=0x18ebc0 | out: pToken=0x18ebc0) returned 0x0 [0173.682] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0173.682] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18ed7c | out: ppEnum=0x18ed7c*=0xb7a3d0) returned 0x0 [0173.683] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec38 | out: ppvObject=0x18ec38*=0xb7a3d4) returned 0x0 [0173.683] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18ec88, pAuthzSvc=0x18ec84, pServerPrincName=0x18ec7c, pAuthnLevel=0x18ec80, pImpLevel=0x18ec70, pAuthInfo=0x18ec74, pCapabilites=0x18ec78 | out: pAuthnSvc=0x18ec88*=0xa, pAuthzSvc=0x18ec84*=0x0, pServerPrincName=0x18ec7c, pAuthnLevel=0x18ec80*=0x6, pImpLevel=0x18ec70*=0x2, pAuthInfo=0x18ec74, pCapabilites=0x18ec78*=0x1) returned 0x0 [0173.683] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0173.683] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec2c | out: ppvObject=0x18ec2c*=0xbbe500) returned 0x0 [0173.683] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec18 | out: ppvObject=0x18ec18*=0xb7a3d4) returned 0x0 [0173.683] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.686] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0173.686] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x1 [0173.686] CoTaskMemFree (pv=0xe2f2888) [0173.686] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e814 | out: ppvObject=0x18e814*=0xbbe500) returned 0x0 [0173.687] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e7d0 | out: ppvObject=0x18e7d0*=0x0) returned 0x80004002 [0173.687] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ec | out: ppvObject=0x18e5ec*=0x0) returned 0x80004002 [0173.687] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e3c4 | out: ppvObject=0x18e3c4*=0x0) returned 0x80004002 [0173.688] WbemLocator:IUnknown:AddRef (This=0xbbe500) returned 0x3 [0173.688] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e124 | out: ppvObject=0x18e124*=0x0) returned 0x80004002 [0173.688] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0173.688] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0e0 | out: ppvObject=0x18e0e0*=0xbbe45c) returned 0x0 [0173.688] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe45c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0e8 | out: pCid=0x18e0e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.688] WbemLocator:IUnknown:Release (This=0xbbe45c) returned 0x3 [0173.688] CoGetContextToken (in: pToken=0x18e140 | out: pToken=0x18e140) returned 0x0 [0173.689] CoGetContextToken (in: pToken=0x18e548 | out: pToken=0x18e548) returned 0x0 [0173.689] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5d4 | out: ppvObject=0x18e5d4*=0xbbe4e4) returned 0x0 [0173.689] WbemLocator:IRpcOptions:Query (in: This=0xbbe4e4, pPrx=0xbbe500, dwProperty=2, pdwValue=0x18e5e0 | out: pdwValue=0x18e5e0) returned 0x80004002 [0173.689] WbemLocator:IUnknown:Release (This=0xbbe4e4) returned 0x3 [0173.689] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x2 [0173.689] CoGetContextToken (in: pToken=0x18eb28 | out: pToken=0x18eb28) returned 0x0 [0173.689] CoGetContextToken (in: pToken=0x18ea88 | out: pToken=0x18ea88) returned 0x0 [0173.689] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x18eb58*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb54 | out: ppvObject=0x18eb54*=0xb7a3d0) returned 0x0 [0173.689] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0173.689] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0173.689] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0173.689] IUnknown:Release (This=0xb7aa10) returned 0x2 [0173.689] SysStringLen (param_1=0x0) returned 0x0 [0173.689] IEnumWbemClassObject:Reset (This=0xb7a3d0) returned 0x0 [0173.690] CoTaskMemAlloc (cb=0x4) returned 0xc164d8 [0173.690] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc164d8, puReturned=0x6c1a738 | out: apObjects=0xc164d8*=0xe333300, puReturned=0x6c1a738*=0x1) returned 0x0 [0173.703] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d8 | out: ppvObject=0x18e3d8*=0xe333300) returned 0x0 [0173.703] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e394 | out: ppvObject=0x18e394*=0x0) returned 0x80004002 [0173.703] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1b4 | out: ppvObject=0x18e1b4*=0x0) returned 0x80004002 [0173.703] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df8c | out: ppvObject=0x18df8c*=0x0) returned 0x80004002 [0173.703] IUnknown:AddRef (This=0xe333300) returned 0x3 [0173.703] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dcec | out: ppvObject=0x18dcec*=0x0) returned 0x80004002 [0173.704] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc9c | out: ppvObject=0x18dc9c*=0x0) returned 0x80004002 [0173.704] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca8 | out: ppvObject=0x18dca8*=0xe333304) returned 0x0 [0173.704] IMarshal:GetUnmarshalClass (in: This=0xe333304, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dcb0 | out: pCid=0x18dcb0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0173.704] IUnknown:Release (This=0xe333304) returned 0x3 [0173.704] CoGetContextToken (in: pToken=0x18dd08 | out: pToken=0x18dd08) returned 0x0 [0173.704] CoGetContextToken (in: pToken=0x18e110 | out: pToken=0x18e110) returned 0x0 [0173.704] IUnknown:QueryInterface (in: This=0xe333300, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e19c | out: ppvObject=0x18e19c*=0x0) returned 0x80004002 [0173.704] IUnknown:Release (This=0xe333300) returned 0x2 [0173.704] CoGetContextToken (in: pToken=0x18e6e8 | out: pToken=0x18e6e8) returned 0x0 [0173.704] CoGetContextToken (in: pToken=0x18e648 | out: pToken=0x18e648) returned 0x0 [0173.704] IUnknown:QueryInterface (in: This=0xe333300, riid=0x18e718*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e714 | out: ppvObject=0x18e714*=0xe333300) returned 0x0 [0173.704] IUnknown:AddRef (This=0xe333300) returned 0x4 [0173.704] IUnknown:Release (This=0xe333300) returned 0x3 [0173.704] IUnknown:Release (This=0xe333300) returned 0x2 [0173.704] CoTaskMemFree (pv=0xc164d8) [0173.705] CoGetContextToken (in: pToken=0x18ea58 | out: pToken=0x18ea58) returned 0x0 [0173.705] IUnknown:AddRef (This=0xe333300) returned 0x3 [0173.705] IWbemClassObject:Get (in: This=0xe333300, wszName="__GENUS", lFlags=0, pVal=0x18ed6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edec*=0, plFlavor=0x18ede8*=0 | out: pVal=0x18ed6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18edec*=3, plFlavor=0x18ede8*=64) returned 0x0 [0173.705] IWbemClassObject:Get (in: This=0xe333300, wszName="__PATH", lFlags=0, pVal=0x18ed50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edd4*=0, plFlavor=0x18edd0*=0 | out: pVal=0x18ed50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x18edd4*=8, plFlavor=0x18edd0*=64) returned 0x0 [0173.705] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8a [0173.705] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8a [0173.705] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed7c | out: ppv=0x18ed7c*=0xb71a3c) returned 0x0 [0173.705] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed74 | out: pAptType=0x18ed74*=1) returned 0x0 [0173.705] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed78 | out: ppvObject=0x18ed78*=0x0) returned 0x80004002 [0173.705] IUnknown:Release (This=0xb71a3c) returned 0x1 [0173.706] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6e0 | out: ppv=0x18e6e0*=0xc16568) returned 0x0 [0173.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8fc | out: ppvObject=0x18e8fc*=0x0) returned 0x80004002 [0173.707] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16568, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e908 | out: ppvObject=0x18e908*=0xe335028) returned 0x0 [0173.707] WbemDefPath:IUnknown:Release (This=0xc16568) returned 0x0 [0173.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e52c | out: ppvObject=0x18e52c*=0xe335028) returned 0x0 [0173.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e8 | out: ppvObject=0x18e4e8*=0x0) returned 0x80004002 [0173.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0dc | out: ppvObject=0x18e0dc*=0x0) returned 0x80004002 [0173.707] WbemDefPath:IUnknown:AddRef (This=0xe335028) returned 0x3 [0173.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de3c | out: ppvObject=0x18de3c*=0x0) returned 0x80004002 [0173.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddec | out: ppvObject=0x18ddec*=0x0) returned 0x80004002 [0173.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf8 | out: ppvObject=0x18ddf8*=0xe339478) returned 0x0 [0173.708] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339478, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18de00 | out: pCid=0x18de00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.708] WbemDefPath:IUnknown:Release (This=0xe339478) returned 0x3 [0173.708] CoGetContextToken (in: pToken=0x18de58 | out: pToken=0x18de58) returned 0x0 [0173.708] CoGetContextToken (in: pToken=0x18e260 | out: pToken=0x18e260) returned 0x0 [0173.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2ec | out: ppvObject=0x18e2ec*=0x0) returned 0x80004002 [0173.708] WbemDefPath:IUnknown:Release (This=0xe335028) returned 0x2 [0173.708] WbemDefPath:IUnknown:Release (This=0xe335028) returned 0x1 [0173.708] CoGetContextToken (in: pToken=0x18ebf8 | out: pToken=0x18ebf8) returned 0x0 [0173.708] CoGetContextToken (in: pToken=0x18eb58 | out: pToken=0x18eb58) returned 0x0 [0173.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xe335028, riid=0x18ec28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec24 | out: ppvObject=0x18ec24*=0xe335028) returned 0x0 [0173.708] WbemDefPath:IUnknown:AddRef (This=0xe335028) returned 0x3 [0173.708] WbemDefPath:IUnknown:Release (This=0xe335028) returned 0x2 [0173.708] WbemDefPath:IWbemPath:SetText (This=0xe335028, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0173.708] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe335108, puCount=0x18eda8 | out: puCount=0x18eda8*=0x2) returned 0x0 [0173.709] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18eda4*=0x0, pszText=0x0 | out: puBuffLength=0x18eda4*=0xf, pszText=0x0) returned 0x0 [0173.709] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18eda4*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eda4*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0173.711] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe335108, puCount=0x18ed74 | out: puCount=0x18ed74*=0x2) returned 0x0 [0173.711] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18ed70*=0x0, pszText=0x0 | out: puBuffLength=0x18ed70*=0xf, pszText=0x0) returned 0x0 [0173.711] WbemDefPath:IWbemPath:GetText (in: This=0xe335108, lFlags=4, puBuffLength=0x18ed70*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed70*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0173.711] IWbemClassObject:Get (in: This=0xe333300, wszName="AdapterRAM", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c1af8c*=0, plFlavor=0x6c1af90*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c1af8c*=19, plFlavor=0x6c1af90*=0) returned 0x0 [0173.711] IWbemClassObject:Get (in: This=0xe333300, wszName="AdapterRAM", lFlags=0, pVal=0x18ed78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c1af8c*=19, plFlavor=0x6c1af90*=0 | out: pVal=0x18ed78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c1af8c*=19, plFlavor=0x6c1af90*=0) returned 0x0 [0173.713] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0173.713] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6c1a738 | out: apObjects=0xc16438*=0x0, puReturned=0x6c1a738*=0x0) returned 0x1 [0173.714] CoTaskMemFree (pv=0xc16438) [0173.715] CoGetContextToken (in: pToken=0x18eca0 | out: pToken=0x18eca0) returned 0x0 [0173.715] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x1 [0173.715] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0173.717] CoGetContextToken (in: pToken=0x18eca0 | out: pToken=0x18eca0) returned 0x0 [0173.718] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x1 [0173.718] IUnknown:Release (This=0xb7aa10) returned 0x0 [0173.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18edbc | out: puCount=0x18edbc*=0x2) returned 0x0 [0173.798] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18edb8*=0x0, pszText=0x0 | out: puBuffLength=0x18edb8*=0xf, pszText=0x0) returned 0x0 [0173.798] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18edb8*=0xf, pszText="00000000000000" | out: puBuffLength=0x18edb8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.799] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed44 | out: ppv=0x18ed44*=0xb71a3c) returned 0x0 [0173.799] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed3c | out: pAptType=0x18ed3c*=1) returned 0x0 [0173.799] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed40 | out: ppvObject=0x18ed40*=0x0) returned 0x80004002 [0173.799] IUnknown:Release (This=0xb71a3c) returned 0x1 [0173.800] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e950 | out: ppv=0x18e950*=0xe3395b0) returned 0x0 [0173.800] WbemLocator:IUnknown:QueryInterface (in: This=0xe3395b0, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb6c | out: ppvObject=0x18eb6c*=0x0) returned 0x80004002 [0173.800] WbemLocator:IClassFactory:CreateInstance (in: This=0xe3395b0, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb78 | out: ppvObject=0x18eb78*=0xc16578) returned 0x0 [0173.800] WbemLocator:IUnknown:Release (This=0xe3395b0) returned 0x0 [0173.800] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e79c | out: ppvObject=0x18e79c*=0xc16578) returned 0x0 [0173.800] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e758 | out: ppvObject=0x18e758*=0x0) returned 0x80004002 [0173.800] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e34c | out: ppvObject=0x18e34c*=0x0) returned 0x80004002 [0173.800] WbemLocator:IUnknown:AddRef (This=0xc16578) returned 0x3 [0173.801] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0ac | out: ppvObject=0x18e0ac*=0x0) returned 0x80004002 [0173.801] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e05c | out: ppvObject=0x18e05c*=0x0) returned 0x80004002 [0173.801] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e068 | out: ppvObject=0x18e068*=0x0) returned 0x80004002 [0173.801] CoGetContextToken (in: pToken=0x18e0c8 | out: pToken=0x18e0c8) returned 0x0 [0173.801] CoGetContextToken (in: pToken=0x18e4d0 | out: pToken=0x18e4d0) returned 0x0 [0173.801] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e55c | out: ppvObject=0x18e55c*=0x0) returned 0x80004002 [0173.801] WbemLocator:IUnknown:Release (This=0xc16578) returned 0x2 [0173.801] WbemLocator:IUnknown:Release (This=0xc16578) returned 0x1 [0173.801] CoGetContextToken (in: pToken=0x18eb58 | out: pToken=0x18eb58) returned 0x0 [0173.801] CoGetContextToken (in: pToken=0x18eab8 | out: pToken=0x18eab8) returned 0x0 [0173.801] WbemLocator:IUnknown:QueryInterface (in: This=0xc16578, riid=0x18eb88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb84 | out: ppvObject=0x18eb84*=0xc16578) returned 0x0 [0173.801] WbemLocator:IUnknown:AddRef (This=0xc16578) returned 0x3 [0173.801] WbemLocator:IUnknown:Release (This=0xc16578) returned 0x2 [0173.801] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed20 | out: puCount=0x18ed20*=0x2) returned 0x0 [0173.801] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ed1c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed1c*=0xf, pszText=0x0) returned 0x0 [0173.802] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ed1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.802] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18ebf8 | out: ppv=0x18ebf8*=0xc163c8) returned 0x0 [0173.802] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc163c8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec8c | out: ppNamespace=0x18ec8c*=0xe32ff50) returned 0x0 [0173.824] WbemLocator:IUnknown:QueryInterface (in: This=0xe32ff50, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb20 | out: ppvObject=0x18eb20*=0xbbecdc) returned 0x0 [0173.825] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbecdc, pProxy=0xe32ff50, pAuthnSvc=0x18eb70, pAuthzSvc=0x18eb6c, pServerPrincName=0x18eb64, pAuthnLevel=0x18eb68, pImpLevel=0x18eb58, pAuthInfo=0x18eb5c, pCapabilites=0x18eb60 | out: pAuthnSvc=0x18eb70*=0xa, pAuthzSvc=0x18eb6c*=0x0, pServerPrincName=0x18eb64, pAuthnLevel=0x18eb68*=0x6, pImpLevel=0x18eb58*=0x2, pAuthInfo=0x18eb5c, pCapabilites=0x18eb60*=0x1) returned 0x0 [0173.825] WbemLocator:IUnknown:Release (This=0xbbecdc) returned 0x1 [0173.825] WbemLocator:IUnknown:QueryInterface (in: This=0xe32ff50, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xbbed00) returned 0x0 [0173.825] WbemLocator:IUnknown:QueryInterface (in: This=0xe32ff50, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb00 | out: ppvObject=0x18eb00*=0xbbecdc) returned 0x0 [0173.825] WbemLocator:IClientSecurity:SetBlanket (This=0xbbecdc, pProxy=0xe32ff50, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.825] WbemLocator:IUnknown:Release (This=0xbbecdc) returned 0x2 [0173.825] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x1 [0173.825] CoTaskMemFree (pv=0xe2f2948) [0173.825] WbemLocator:IUnknown:Release (This=0xc163c8) returned 0x0 [0173.825] WbemLocator:IUnknown:QueryInterface (in: This=0xe32ff50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0xbbed00) returned 0x0 [0173.826] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6cc | out: ppvObject=0x18e6cc*=0x0) returned 0x80004002 [0173.827] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0x0) returned 0x80004002 [0173.830] WbemLocator:IUnknown:QueryInterface (in: This=0xe32ff50, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2c4 | out: ppvObject=0x18e2c4*=0x0) returned 0x80004002 [0173.832] WbemLocator:IUnknown:AddRef (This=0xbbed00) returned 0x3 [0173.832] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e024 | out: ppvObject=0x18e024*=0x0) returned 0x80004002 [0173.832] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfd4 | out: ppvObject=0x18dfd4*=0x0) returned 0x80004002 [0173.833] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfe0 | out: ppvObject=0x18dfe0*=0xbbec5c) returned 0x0 [0173.833] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbec5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dfe8 | out: pCid=0x18dfe8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.833] WbemLocator:IUnknown:Release (This=0xbbec5c) returned 0x3 [0173.833] CoGetContextToken (in: pToken=0x18e040 | out: pToken=0x18e040) returned 0x0 [0173.833] CoGetContextToken (in: pToken=0x18e448 | out: pToken=0x18e448) returned 0x0 [0173.833] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4d4 | out: ppvObject=0x18e4d4*=0xbbece4) returned 0x0 [0173.833] WbemLocator:IRpcOptions:Query (in: This=0xbbece4, pPrx=0xbbed00, dwProperty=2, pdwValue=0x18e4e0 | out: pdwValue=0x18e4e0) returned 0x80004002 [0173.833] WbemLocator:IUnknown:Release (This=0xbbece4) returned 0x3 [0173.833] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x2 [0173.833] CoGetContextToken (in: pToken=0x18ea20 | out: pToken=0x18ea20) returned 0x0 [0173.833] CoGetContextToken (in: pToken=0x18e980 | out: pToken=0x18e980) returned 0x0 [0173.833] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x18ea50*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18ea4c | out: ppvObject=0x18ea4c*=0xe32ff50) returned 0x0 [0173.834] WbemLocator:IUnknown:AddRef (This=0xe32ff50) returned 0x4 [0173.834] WbemLocator:IUnknown:Release (This=0xe32ff50) returned 0x3 [0173.834] WbemLocator:IUnknown:Release (This=0xe32ff50) returned 0x2 [0173.834] SysStringLen (param_1=0x0) returned 0x0 [0173.834] CoGetContextToken (in: pToken=0x18ea28 | out: pToken=0x18ea28) returned 0x0 [0173.834] WbemLocator:IUnknown:AddRef (This=0xbbed00) returned 0x3 [0173.834] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8bc | out: ppvObject=0x18e8bc*=0xbbed00) returned 0x0 [0173.834] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x3 [0173.834] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x2 [0173.834] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0173.834] WbemLocator:IUnknown:AddRef (This=0xe32ff50) returned 0x3 [0173.834] IWbemServices:ExecQuery (in: This=0xe32ff50, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x18ed2c | out: ppEnum=0x18ed2c*=0xb7aa10) returned 0x0 [0173.917] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb7c | out: ppvObject=0x18eb7c*=0xb7aa14) returned 0x0 [0173.918] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ebcc, pAuthzSvc=0x18ebc8, pServerPrincName=0x18ebc0, pAuthnLevel=0x18ebc4, pImpLevel=0x18ebb4, pAuthInfo=0x18ebb8, pCapabilites=0x18ebbc | out: pAuthnSvc=0x18ebcc*=0xa, pAuthzSvc=0x18ebc8*=0x0, pServerPrincName=0x18ebc0, pAuthnLevel=0x18ebc4*=0x6, pImpLevel=0x18ebb4*=0x2, pAuthInfo=0x18ebb8, pCapabilites=0x18ebbc*=0x1) returned 0x0 [0173.918] IUnknown:Release (This=0xb7aa14) returned 0x1 [0173.918] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb70 | out: ppvObject=0x18eb70*=0xbbe500) returned 0x0 [0173.918] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb5c | out: ppvObject=0x18eb5c*=0xb7aa14) returned 0x0 [0173.918] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.937] IUnknown:Release (This=0xb7aa14) returned 0x2 [0173.937] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x1 [0173.937] CoTaskMemFree (pv=0xe2f2e28) [0173.937] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e768 | out: ppvObject=0x18e768*=0xbbe500) returned 0x0 [0173.938] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e724 | out: ppvObject=0x18e724*=0x0) returned 0x80004002 [0173.938] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e544 | out: ppvObject=0x18e544*=0x0) returned 0x80004002 [0173.938] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e31c | out: ppvObject=0x18e31c*=0x0) returned 0x80004002 [0173.939] WbemLocator:IUnknown:AddRef (This=0xbbe500) returned 0x3 [0173.939] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e07c | out: ppvObject=0x18e07c*=0x0) returned 0x80004002 [0173.939] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e02c | out: ppvObject=0x18e02c*=0x0) returned 0x80004002 [0173.939] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e038 | out: ppvObject=0x18e038*=0xbbe45c) returned 0x0 [0173.939] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe45c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e040 | out: pCid=0x18e040*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.939] WbemLocator:IUnknown:Release (This=0xbbe45c) returned 0x3 [0173.939] CoGetContextToken (in: pToken=0x18e098 | out: pToken=0x18e098) returned 0x0 [0173.940] CoGetContextToken (in: pToken=0x18e4a0 | out: pToken=0x18e4a0) returned 0x0 [0173.940] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e52c | out: ppvObject=0x18e52c*=0xbbe4e4) returned 0x0 [0173.940] WbemLocator:IRpcOptions:Query (in: This=0xbbe4e4, pPrx=0xbbe500, dwProperty=2, pdwValue=0x18e538 | out: pdwValue=0x18e538) returned 0x80004002 [0173.940] WbemLocator:IUnknown:Release (This=0xbbe4e4) returned 0x3 [0173.940] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x2 [0173.940] CoGetContextToken (in: pToken=0x18ea78 | out: pToken=0x18ea78) returned 0x0 [0173.940] CoGetContextToken (in: pToken=0x18e9d8 | out: pToken=0x18e9d8) returned 0x0 [0173.940] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x18eaa8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xb7aa10) returned 0x0 [0173.940] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0173.940] IUnknown:Release (This=0xb7aa10) returned 0x3 [0173.940] IUnknown:Release (This=0xb7aa10) returned 0x2 [0173.940] WbemLocator:IUnknown:Release (This=0xe32ff50) returned 0x2 [0173.940] SysStringLen (param_1=0x0) returned 0x0 [0173.940] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed78 | out: puCount=0x18ed78*=0x2) returned 0x0 [0173.941] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed74*=0x0, pszText=0x0 | out: puBuffLength=0x18ed74*=0xf, pszText=0x0) returned 0x0 [0173.941] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed74*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.941] CoGetContextToken (in: pToken=0x18ebc8 | out: pToken=0x18ebc8) returned 0x0 [0173.941] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0173.941] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18ed84 | out: ppEnum=0x18ed84*=0xb7a3d0) returned 0x0 [0173.942] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec40 | out: ppvObject=0x18ec40*=0xb7a3d4) returned 0x0 [0173.942] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18ec90, pAuthzSvc=0x18ec8c, pServerPrincName=0x18ec84, pAuthnLevel=0x18ec88, pImpLevel=0x18ec78, pAuthInfo=0x18ec7c, pCapabilites=0x18ec80 | out: pAuthnSvc=0x18ec90*=0xa, pAuthzSvc=0x18ec8c*=0x0, pServerPrincName=0x18ec84, pAuthnLevel=0x18ec88*=0x6, pImpLevel=0x18ec78*=0x2, pAuthInfo=0x18ec7c, pCapabilites=0x18ec80*=0x1) returned 0x0 [0173.942] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0173.942] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec34 | out: ppvObject=0x18ec34*=0xbbf800) returned 0x0 [0173.942] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec20 | out: ppvObject=0x18ec20*=0xb7a3d4) returned 0x0 [0173.942] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.947] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0173.948] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x1 [0173.948] CoTaskMemFree (pv=0xe2f28e8) [0173.948] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e81c | out: ppvObject=0x18e81c*=0xbbf800) returned 0x0 [0173.948] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e7d8 | out: ppvObject=0x18e7d8*=0x0) returned 0x80004002 [0173.948] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5f4 | out: ppvObject=0x18e5f4*=0x0) returned 0x80004002 [0173.949] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e3cc | out: ppvObject=0x18e3cc*=0x0) returned 0x80004002 [0173.949] WbemLocator:IUnknown:AddRef (This=0xbbf800) returned 0x3 [0173.950] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e12c | out: ppvObject=0x18e12c*=0x0) returned 0x80004002 [0173.950] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e0dc | out: ppvObject=0x18e0dc*=0x0) returned 0x80004002 [0173.950] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0e8 | out: ppvObject=0x18e0e8*=0xbbf75c) returned 0x0 [0173.950] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf75c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0f0 | out: pCid=0x18e0f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.950] WbemLocator:IUnknown:Release (This=0xbbf75c) returned 0x3 [0173.950] CoGetContextToken (in: pToken=0x18e148 | out: pToken=0x18e148) returned 0x0 [0173.950] CoGetContextToken (in: pToken=0x18e550 | out: pToken=0x18e550) returned 0x0 [0173.950] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5dc | out: ppvObject=0x18e5dc*=0xbbf7e4) returned 0x0 [0173.950] WbemLocator:IRpcOptions:Query (in: This=0xbbf7e4, pPrx=0xbbf800, dwProperty=2, pdwValue=0x18e5e8 | out: pdwValue=0x18e5e8) returned 0x80004002 [0173.950] WbemLocator:IUnknown:Release (This=0xbbf7e4) returned 0x3 [0173.950] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x2 [0173.950] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0173.950] CoGetContextToken (in: pToken=0x18ea90 | out: pToken=0x18ea90) returned 0x0 [0173.950] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x18eb60*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb5c | out: ppvObject=0x18eb5c*=0xb7a3d0) returned 0x0 [0173.951] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0173.951] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0173.951] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0173.951] IUnknown:Release (This=0xb7aa10) returned 0x2 [0173.951] SysStringLen (param_1=0x0) returned 0x0 [0173.951] IEnumWbemClassObject:Reset (This=0xb7a3d0) returned 0x0 [0173.952] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0173.952] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6c1bc10 | out: apObjects=0xc16468*=0xe333e28, puReturned=0x6c1bc10*=0x1) returned 0x0 [0173.956] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3e0 | out: ppvObject=0x18e3e0*=0xe333e28) returned 0x0 [0173.956] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e39c | out: ppvObject=0x18e39c*=0x0) returned 0x80004002 [0173.956] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1bc | out: ppvObject=0x18e1bc*=0x0) returned 0x80004002 [0173.956] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df94 | out: ppvObject=0x18df94*=0x0) returned 0x80004002 [0173.956] IUnknown:AddRef (This=0xe333e28) returned 0x3 [0173.957] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dcf4 | out: ppvObject=0x18dcf4*=0x0) returned 0x80004002 [0173.957] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dca4 | out: ppvObject=0x18dca4*=0x0) returned 0x80004002 [0173.957] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dcb0 | out: ppvObject=0x18dcb0*=0xe333e2c) returned 0x0 [0173.957] IMarshal:GetUnmarshalClass (in: This=0xe333e2c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dcb8 | out: pCid=0x18dcb8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0173.957] IUnknown:Release (This=0xe333e2c) returned 0x3 [0173.957] CoGetContextToken (in: pToken=0x18dd10 | out: pToken=0x18dd10) returned 0x0 [0173.957] CoGetContextToken (in: pToken=0x18e118 | out: pToken=0x18e118) returned 0x0 [0173.957] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e1a4 | out: ppvObject=0x18e1a4*=0x0) returned 0x80004002 [0173.957] IUnknown:Release (This=0xe333e28) returned 0x2 [0173.957] CoGetContextToken (in: pToken=0x18e6f0 | out: pToken=0x18e6f0) returned 0x0 [0173.957] CoGetContextToken (in: pToken=0x18e650 | out: pToken=0x18e650) returned 0x0 [0173.957] IUnknown:QueryInterface (in: This=0xe333e28, riid=0x18e720*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e71c | out: ppvObject=0x18e71c*=0xe333e28) returned 0x0 [0173.957] IUnknown:AddRef (This=0xe333e28) returned 0x4 [0173.957] IUnknown:Release (This=0xe333e28) returned 0x3 [0173.958] IUnknown:Release (This=0xe333e28) returned 0x2 [0173.958] CoTaskMemFree (pv=0xc16468) [0173.958] CoGetContextToken (in: pToken=0x18ea60 | out: pToken=0x18ea60) returned 0x0 [0173.958] IUnknown:AddRef (This=0xe333e28) returned 0x3 [0173.958] IWbemClassObject:Get (in: This=0xe333e28, wszName="__GENUS", lFlags=0, pVal=0x18ed74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edf4*=0, plFlavor=0x18edf0*=0 | out: pVal=0x18ed74*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18edf4*=3, plFlavor=0x18edf0*=64) returned 0x0 [0173.958] IWbemClassObject:Get (in: This=0xe333e28, wszName="__PATH", lFlags=0, pVal=0x18ed58*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18eddc*=0, plFlavor=0x18edd8*=0 | out: pVal=0x18ed58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"", varVal2=0x0), pType=0x18eddc*=8, plFlavor=0x18edd8*=64) returned 0x0 [0173.958] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0173.958] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0173.958] CoGetObjectContext (in: riid=0x6b95d90*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed84 | out: ppv=0x18ed84*=0xb71a3c) returned 0x0 [0173.958] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed7c | out: pAptType=0x18ed7c*=1) returned 0x0 [0173.958] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b95d78*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed80 | out: ppvObject=0x18ed80*=0x0) returned 0x80004002 [0173.959] IUnknown:Release (This=0xb71a3c) returned 0x1 [0173.960] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6e8 | out: ppv=0x18e6e8*=0xc16468) returned 0x0 [0173.960] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e904 | out: ppvObject=0x18e904*=0x0) returned 0x80004002 [0173.960] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16468, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e910 | out: ppvObject=0x18e910*=0xe3358e8) returned 0x0 [0173.960] WbemDefPath:IUnknown:Release (This=0xc16468) returned 0x0 [0173.960] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e534 | out: ppvObject=0x18e534*=0xe3358e8) returned 0x0 [0173.960] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4f0 | out: ppvObject=0x18e4f0*=0x0) returned 0x80004002 [0173.960] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0173.961] WbemDefPath:IUnknown:AddRef (This=0xe3358e8) returned 0x3 [0173.961] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de44 | out: ppvObject=0x18de44*=0x0) returned 0x80004002 [0173.961] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddf4 | out: ppvObject=0x18ddf4*=0x0) returned 0x80004002 [0173.961] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18de00 | out: ppvObject=0x18de00*=0xe339610) returned 0x0 [0173.961] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339610, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18de08 | out: pCid=0x18de08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.961] WbemDefPath:IUnknown:Release (This=0xe339610) returned 0x3 [0173.961] CoGetContextToken (in: pToken=0x18de60 | out: pToken=0x18de60) returned 0x0 [0173.961] CoGetContextToken (in: pToken=0x18e268 | out: pToken=0x18e268) returned 0x0 [0173.961] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2f4 | out: ppvObject=0x18e2f4*=0x0) returned 0x80004002 [0173.961] WbemDefPath:IUnknown:Release (This=0xe3358e8) returned 0x2 [0173.961] WbemDefPath:IUnknown:Release (This=0xe3358e8) returned 0x1 [0173.962] CoGetContextToken (in: pToken=0x18ec00 | out: pToken=0x18ec00) returned 0x0 [0173.962] CoGetContextToken (in: pToken=0x18eb60 | out: pToken=0x18eb60) returned 0x0 [0173.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3358e8, riid=0x18ec30*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec2c | out: ppvObject=0x18ec2c*=0xe3358e8) returned 0x0 [0173.962] WbemDefPath:IUnknown:AddRef (This=0xe3358e8) returned 0x3 [0173.962] WbemDefPath:IUnknown:Release (This=0xe3358e8) returned 0x2 [0173.962] WbemDefPath:IWbemPath:SetText (This=0xe3358e8, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x0 [0173.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18edb0 | out: puCount=0x18edb0*=0x2) returned 0x0 [0173.962] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18edac*=0x0, pszText=0x0 | out: puBuffLength=0x18edac*=0xf, pszText=0x0) returned 0x0 [0173.962] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18edac*=0xf, pszText="00000000000000" | out: puBuffLength=0x18edac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed7c | out: puCount=0x18ed7c*=0x2) returned 0x0 [0173.962] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed78*=0x0, pszText=0x0 | out: puBuffLength=0x18ed78*=0xf, pszText=0x0) returned 0x0 [0173.962] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed78*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed78*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.962] IWbemClassObject:Get (in: This=0xe333e28, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x18ed78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c1c4c0*=0, plFlavor=0x6c1c4c4*=0 | out: pVal=0x18ed78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096620", varVal2=0x0), pType=0x6c1c4c0*=21, plFlavor=0x6c1c4c4*=0) returned 0x0 [0173.962] SysStringByteLen (bstr="2096620") returned 0xe [0173.963] SysStringByteLen (bstr="2096620") returned 0xe [0173.963] IWbemClassObject:Get (in: This=0xe333e28, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x18ed80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c1c4c0*=21, plFlavor=0x6c1c4c4*=0 | out: pVal=0x18ed80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096620", varVal2=0x0), pType=0x6c1c4c0*=21, plFlavor=0x6c1c4c4*=0) returned 0x0 [0173.963] SysStringByteLen (bstr="2096620") returned 0xe [0173.963] SysStringByteLen (bstr="2096620") returned 0xe [0173.976] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0173.976] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6c1bc10 | out: apObjects=0xc16468*=0x0, puReturned=0x6c1bc10*=0x0) returned 0x1 [0173.977] CoTaskMemFree (pv=0xc16468) [0173.977] CoGetContextToken (in: pToken=0x18eca8 | out: pToken=0x18eca8) returned 0x0 [0173.977] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x1 [0173.977] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0173.980] CoGetContextToken (in: pToken=0x18eca8 | out: pToken=0x18eca8) returned 0x0 [0173.980] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x1 [0173.980] IUnknown:Release (This=0xb7aa10) returned 0x0 [0173.995] CoCreateGuid (in: pguid=0x18eb68 | out: pguid=0x18eb68*(Data1=0xaa5a09e3, Data2=0x5bb0, Data3=0x4142, Data4=([0]=0xb3, [1]=0x4, [2]=0x14, [3]=0xe6, [4]=0x89, [5]=0xaf, [6]=0x79, [7]=0xb7))) returned 0x0 [0173.995] CoCreateGuid (in: pguid=0x18eaa8 | out: pguid=0x18eaa8*(Data1=0x16d1e471, Data2=0x10c2, Data3=0x4c78, Data4=([0]=0x92, [1]=0x1, [2]=0xdd, [3]=0x76, [4]=0x5c, [5]=0xba, [6]=0x47, [7]=0x6b))) returned 0x0 [0174.162] send (s=0x348, buf=0x6bbe833*, len=292, flags=0) returned 292 [0174.163] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 128 [0174.447] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.448] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net") returned 0x2f [0174.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2e [0174.508] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\battle.net\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.515] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.516] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned 0x37 [0174.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.517] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0174.518] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.520] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.520] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3c [0174.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.522] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0174.522] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.525] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.525] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x41 [0174.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.527] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x40 [0174.527] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google(x86)\\chrome\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.530] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.530] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\") returned 0x36 [0174.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x35 [0174.532] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.535] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.535] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x45 [0174.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.537] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0174.537] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.540] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.540] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data") returned 0x36 [0174.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.542] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0174.543] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.545] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.546] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x3a [0174.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.548] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0174.548] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.550] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.550] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned 0x3a [0174.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0174.553] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.555] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.555] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data") returned 0x35 [0174.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.557] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0174.557] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.563] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.563] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned 0x36 [0174.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.565] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0174.566] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.568] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.568] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned 0x35 [0174.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0174.571] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.573] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.573] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned 0x3f [0174.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.580] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0174.580] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.583] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.583] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x43 [0174.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0174.585] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.587] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.587] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3d [0174.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.589] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0174.589] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.592] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.592] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x58 [0174.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0174.593] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.596] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.597] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x43 [0174.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0174.598] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.601] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.601] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x3c [0174.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0174.602] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.605] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.605] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data") returned 0x35 [0174.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.608] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0174.608] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.610] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.610] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned 0x37 [0174.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.612] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0174.612] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.614] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.614] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned 0x36 [0174.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0174.616] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.618] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.618] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x3c [0174.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.620] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0174.620] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.622] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.622] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data") returned 0x39 [0174.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x38 [0174.624] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.626] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.626] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned 0x34 [0174.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.627] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0174.627] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.630] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.630] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x43 [0174.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.631] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0174.631] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.634] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.634] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data") returned 0x35 [0174.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x34 [0174.635] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.638] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.638] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x41 [0174.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x40 [0174.640] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.642] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.642] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data") returned 0x37 [0174.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x36 [0174.643] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon3\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.645] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.645] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data") returned 0x36 [0174.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.646] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x35 [0174.646] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\k-melon\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.648] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.648] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3e [0174.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.648] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0174.648] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.650] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.650] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned 0x37 [0174.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.650] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x36 [0174.650] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.652] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.652] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3d [0174.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.652] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0174.653] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.655] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.655] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data") returned 0x33 [0174.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.655] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x32 [0174.655] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\uran\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.657] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.657] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data") returned 0x37 [0174.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x36 [0174.657] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromodo\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.659] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.659] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x3b [0174.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x3a [0174.659] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mail.ru\\atom\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.661] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.661] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x4a [0174.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0174.661] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.662] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.663] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3d [0174.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.663] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0174.663] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.664] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.664] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x51 [0174.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.665] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x50 [0174.665] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nvidia corporation\\nvidia geforce experience\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.666] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.666] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam") returned 0x2a [0174.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.667] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x29 [0174.667] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\steam\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.723] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.723] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x18e8b0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x40 [0174.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e86c) returned 1 [0174.723] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3f [0174.723] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\*"), lpFindFileData=0x18e594 | out: lpFindFileData=0x18e594*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e830) returned 1 [0174.766] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.766] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Mozilla\\Firefox", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x36 [0174.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.767] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x35 [0174.767] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.770] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.770] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Waterfox", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox") returned 0x2f [0174.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.771] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox", lpFilePart=0x0) returned 0x2e [0174.771] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.773] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.774] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\K-Meleon", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon") returned 0x2f [0174.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon", lpFilePart=0x0) returned 0x2e [0174.774] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.777] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.777] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Thunderbird", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird") returned 0x32 [0174.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird", lpFilePart=0x0) returned 0x31 [0174.778] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.781] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.781] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Comodo\\IceDragon", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon") returned 0x37 [0174.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.782] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon", lpFilePart=0x0) returned 0x36 [0174.782] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.784] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.784] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox") returned 0x3c [0174.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpFilePart=0x0) returned 0x3b [0174.785] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.788] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.788] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw") returned 0x44 [0174.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.789] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpFilePart=0x0) returned 0x43 [0174.789] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhaw\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.791] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0174.791] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpDst=0x18ec70, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon") returned 0x46 [0174.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec2c) returned 1 [0174.792] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", nBufferLength=0x105, lpBuffer=0x18e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpFilePart=0x0) returned 0x45 [0174.792] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\*"), lpFindFileData=0x18e954 | out: lpFindFileData=0x18e954*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0174.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebf0) returned 1 [0174.817] CoCreateGuid (in: pguid=0x18ebd4 | out: pguid=0x18ebd4*(Data1=0x90cf2ee3, Data2=0x2eb2, Data3=0x464a, Data4=([0]=0xb5, [1]=0x69, [2]=0x14, [3]=0x6, [4]=0x74, [5]=0x67, [6]=0xc, [7]=0x8d))) returned 0x0 [0174.817] CoCreateGuid (in: pguid=0x18eb14 | out: pguid=0x18eb14*(Data1=0x5f21ec33, Data2=0x72d4, Data3=0x44d8, Data4=([0]=0xbf, [1]=0xdf, [2]=0xb0, [3]=0xe9, [4]=0x6b, [5]=0x63, [6]=0xdc, [7]=0x69))) returned 0x0 [0174.819] send (s=0x348, buf=0x6b5953f*, len=171, flags=0) returned 171 [0174.820] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 128 [0174.948] CoTaskMemAlloc (cb=0x20c) returned 0xbdca90 [0174.948] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xbdca90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.949] CoTaskMemFree (pv=0xbdca90) [0174.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0174.949] CoTaskMemAlloc (cb=0x20c) returned 0xbdbda0 [0174.949] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xbdbda0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0174.949] CoTaskMemFree (pv=0xbdbda0) [0174.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0174.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x18e998, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0174.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ee40) returned 1 [0174.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), fInfoLevelId=0x0, lpFileInformation=0x18eebc | out: lpFileInformation=0x18eebc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0174.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ee3c) returned 1 [0174.950] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml", nBufferLength=0x105, lpBuffer=0x18e998, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml", lpFilePart=0x0) returned 0x3f [0174.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ee40) returned 1 [0174.950] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\sitemanager.xml"), fInfoLevelId=0x0, lpFileInformation=0x18eebc | out: lpFileInformation=0x18eebc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0174.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ee3c) returned 1 [0174.955] CoCreateGuid (in: pguid=0x18ec04 | out: pguid=0x18ec04*(Data1=0xa53b4672, Data2=0x7280, Data3=0x43da, Data4=([0]=0xb8, [1]=0xcd, [2]=0xb0, [3]=0xa2, [4]=0x17, [5]=0x10, [6]=0x3f, [7]=0x34))) returned 0x0 [0174.955] CoCreateGuid (in: pguid=0x18eb44 | out: pguid=0x18eb44*(Data1=0xc23d9fa5, Data2=0x1588, Data3=0x4241, Data4=([0]=0x8a, [1]=0x80, [2]=0x12, [3]=0x23, [4]=0x65, [5]=0xb7, [6]=0xc8, [7]=0x7c))) returned 0x0 [0174.955] send (s=0x348, buf=0x6b5953f*, len=167, flags=0) returned 167 [0174.956] recv (in: s=0x348, buf=0x6b5a9b4, len=8192, flags=0 | out: buf=0x6b5a9b4*) returned 128 [0175.078] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x18ebdc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0175.078] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Desktop", lpDst=0x18ebdc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1e [0175.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0175.096] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.txt"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0175.099] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.doc*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.doc*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0175.100] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*key*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*key*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0175.100] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*wallet*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*wallet*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0175.101] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*seed*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*seed*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.103] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x18ebdc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0175.104] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents", lpDst=0x18ebdc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x20 [0175.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.104] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.104] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.txt"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.105] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.105] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.doc*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.doc*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x722394c0, ftCreationTime.dwHighDateTime=0x1d93a41, ftLastAccessTime.dwLowDateTime=0x416159c0, ftLastAccessTime.dwHighDateTime=0x1d9acd9, ftLastWriteTime.dwLowDateTime=0x416159c0, ftLastWriteTime.dwHighDateTime=0x1d9acd9, nFileSizeHigh=0x0, nFileSizeLow=0x10ea7, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ZsQ3dGKybw9tzKl8xQF.docx", cAlternateFileName="7ZSQ3D~1.DOC")) returned 0xc294d8 [0175.107] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc11d90, ftCreationTime.dwHighDateTime=0x1d9665e, ftLastAccessTime.dwLowDateTime=0x5818c9b0, ftLastAccessTime.dwHighDateTime=0x1d9b4da, ftLastWriteTime.dwLowDateTime=0x5818c9b0, ftLastWriteTime.dwHighDateTime=0x1d9b4da, nFileSizeHigh=0x0, nFileSizeLow=0x8e5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="J699sJ9JB50Zk.docx", cAlternateFileName="J699SJ~1.DOC")) returned 1 [0175.107] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed45450, ftCreationTime.dwHighDateTime=0x1d96dfd, ftLastAccessTime.dwLowDateTime=0xdd648350, ftLastAccessTime.dwHighDateTime=0x1d98b65, ftLastWriteTime.dwLowDateTime=0xdd648350, ftLastWriteTime.dwHighDateTime=0x1d98b65, nFileSizeHigh=0x0, nFileSizeLow=0xa176, dwReserved0=0x0, dwReserved1=0x0, cFileName="luhlfjJ.docx", cAlternateFileName="LUHLFJ~1.DOC")) returned 1 [0175.107] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6495b0, ftCreationTime.dwHighDateTime=0x1d9b32d, ftLastAccessTime.dwLowDateTime=0x3ffd64e0, ftLastAccessTime.dwHighDateTime=0x1d9b498, ftLastWriteTime.dwLowDateTime=0x3ffd64e0, ftLastWriteTime.dwHighDateTime=0x1d9b498, nFileSizeHigh=0x0, nFileSizeLow=0xdc83, dwReserved0=0x0, dwReserved1=0x0, cFileName="RgOhn-.docx", cAlternateFileName="RGOHN-~1.DOC")) returned 1 [0175.107] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fc290a0, ftCreationTime.dwHighDateTime=0x1d9472f, ftLastAccessTime.dwLowDateTime=0xbad6f9e0, ftLastAccessTime.dwHighDateTime=0x1d9a7cf, ftLastWriteTime.dwLowDateTime=0xbad6f9e0, ftLastWriteTime.dwHighDateTime=0x1d9a7cf, nFileSizeHigh=0x0, nFileSizeLow=0x18cc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tLgkr3An1fAi.docx", cAlternateFileName="TLGKR3~1.DOC")) returned 1 [0175.108] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b15ba0, ftCreationTime.dwHighDateTime=0x1d92ebb, ftLastAccessTime.dwLowDateTime=0xf78ac710, ftLastAccessTime.dwHighDateTime=0x1d97e24, ftLastWriteTime.dwLowDateTime=0xf78ac710, ftLastWriteTime.dwHighDateTime=0x1d97e24, nFileSizeHigh=0x0, nFileSizeLow=0x8d1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="VrpfZbSw9gBYhVW.docx", cAlternateFileName="VRPFZB~1.DOC")) returned 1 [0175.108] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54688660, ftCreationTime.dwHighDateTime=0x1d9b00d, ftLastAccessTime.dwLowDateTime=0x37277ef0, ftLastAccessTime.dwHighDateTime=0x1d9b457, ftLastWriteTime.dwLowDateTime=0x37277ef0, ftLastWriteTime.dwHighDateTime=0x1d9b457, nFileSizeHigh=0x0, nFileSizeLow=0x9152, dwReserved0=0x0, dwReserved1=0x0, cFileName="_jObeByM_Q2NQx.docx", cAlternateFileName="_JOBEB~1.DOC")) returned 1 [0175.108] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e8ec | out: lpFindFileData=0x18e8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0175.108] FindClose (in: hFindFile=0xc294d8 | out: hFindFile=0xc294d8) returned 1 [0175.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.109] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.109] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*key*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*key*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.110] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*wallet*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*wallet*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebb8) returned 1 [0175.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.110] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*seed*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*seed*"), lpFindFileData=0x18e8e0 | out: lpFindFileData=0x18e8e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0175.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb74) returned 1 [0175.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb80) returned 1 [0175.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", lpFilePart=0x0) returned 0x39 [0175.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\7zsq3dgkybw9tzkl8xqf.docx"), fInfoLevelId=0x0, lpFileInformation=0x6c58674 | out: lpFileInformation=0x6c58674*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x722394c0, ftCreationTime.dwHighDateTime=0x1d93a41, ftLastAccessTime.dwLowDateTime=0x416159c0, ftLastAccessTime.dwHighDateTime=0x1d9acd9, ftLastWriteTime.dwLowDateTime=0x416159c0, ftLastWriteTime.dwHighDateTime=0x1d9acd9, nFileSizeHigh=0x0, nFileSizeLow=0x10ea7)) returned 1 [0175.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.138] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", lpFilePart=0x0) returned 0x39 [0175.164] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", lpFilePart=0x0) returned 0x39 [0175.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\7zsq3dgkybw9tzkl8xqf.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x722394c0, ftCreationTime.dwHighDateTime=0x1d93a41, ftLastAccessTime.dwLowDateTime=0x416159c0, ftLastAccessTime.dwHighDateTime=0x1d9acd9, ftLastWriteTime.dwLowDateTime=0x416159c0, ftLastWriteTime.dwHighDateTime=0x1d9acd9, nFileSizeHigh=0x0, nFileSizeLow=0x10ea7)) returned 1 [0175.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.165] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx", lpFilePart=0x0) returned 0x39 [0175.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.165] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\7ZsQ3dGKybw9tzKl8xQF.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\7zsq3dgkybw9tzkl8xqf.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x408 [0175.165] GetFileType (hFile=0x408) returned 0x1 [0175.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.165] GetFileType (hFile=0x408) returned 0x1 [0175.177] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.178] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.178] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.179] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.180] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.180] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.180] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.180] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.181] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.181] ReadFile (in: hFile=0x408, lpBuffer=0x6c59de4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c59de4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.228] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.228] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.229] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.229] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.229] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.229] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.230] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0xea7, lpOverlapped=0x0) returned 1 [0175.230] ReadFile (in: hFile=0x408, lpBuffer=0x6b48773, nNumberOfBytesToRead=0x159, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b48773*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.230] ReadFile (in: hFile=0x408, lpBuffer=0x6b4892c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b4892c*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.234] CloseHandle (hObject=0x408) returned 1 [0175.307] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", lpFilePart=0x0) returned 0x32 [0175.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\j699sj9jb50zk.docx"), fInfoLevelId=0x0, lpFileInformation=0x6b7e60c | out: lpFileInformation=0x6b7e60c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc11d90, ftCreationTime.dwHighDateTime=0x1d9665e, ftLastAccessTime.dwLowDateTime=0x5818c9b0, ftLastAccessTime.dwHighDateTime=0x1d9b4da, ftLastWriteTime.dwLowDateTime=0x5818c9b0, ftLastWriteTime.dwHighDateTime=0x1d9b4da, nFileSizeHigh=0x0, nFileSizeLow=0x8e5d)) returned 1 [0175.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.307] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.307] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", lpFilePart=0x0) returned 0x32 [0175.307] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", lpFilePart=0x0) returned 0x32 [0175.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\j699sj9jb50zk.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc11d90, ftCreationTime.dwHighDateTime=0x1d9665e, ftLastAccessTime.dwLowDateTime=0x5818c9b0, ftLastAccessTime.dwHighDateTime=0x1d9b4da, ftLastWriteTime.dwLowDateTime=0x5818c9b0, ftLastWriteTime.dwHighDateTime=0x1d9b4da, nFileSizeHigh=0x0, nFileSizeLow=0x8e5d)) returned 1 [0175.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx", lpFilePart=0x0) returned 0x32 [0175.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.308] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\J699sJ9JB50Zk.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\j699sj9jb50zk.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0175.308] GetFileType (hFile=0x350) returned 0x1 [0175.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.308] GetFileType (hFile=0x350) returned 0x1 [0175.308] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.309] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.309] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.310] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.310] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.310] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.310] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.311] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.311] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0xe5d, lpOverlapped=0x0) returned 1 [0175.311] ReadFile (in: hFile=0x350, lpBuffer=0x6b7efdd, nNumberOfBytesToRead=0x1a3, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7efdd*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.311] ReadFile (in: hFile=0x350, lpBuffer=0x6b7f9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6b7f9e0*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.312] CloseHandle (hObject=0x350) returned 1 [0175.312] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", lpFilePart=0x0) returned 0x2c [0175.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\luhlfjj.docx"), fInfoLevelId=0x0, lpFileInformation=0x6baf050 | out: lpFileInformation=0x6baf050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed45450, ftCreationTime.dwHighDateTime=0x1d96dfd, ftLastAccessTime.dwLowDateTime=0xdd648350, ftLastAccessTime.dwHighDateTime=0x1d98b65, ftLastWriteTime.dwLowDateTime=0xdd648350, ftLastWriteTime.dwHighDateTime=0x1d98b65, nFileSizeHigh=0x0, nFileSizeLow=0xa176)) returned 1 [0175.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", lpFilePart=0x0) returned 0x2c [0175.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", lpFilePart=0x0) returned 0x2c [0175.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\luhlfjj.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed45450, ftCreationTime.dwHighDateTime=0x1d96dfd, ftLastAccessTime.dwLowDateTime=0xdd648350, ftLastAccessTime.dwHighDateTime=0x1d98b65, ftLastWriteTime.dwLowDateTime=0xdd648350, ftLastWriteTime.dwHighDateTime=0x1d98b65, nFileSizeHigh=0x0, nFileSizeLow=0xa176)) returned 1 [0175.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx", lpFilePart=0x0) returned 0x2c [0175.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.313] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\luhlfjJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\luhlfjj.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0175.313] GetFileType (hFile=0x350) returned 0x1 [0175.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.313] GetFileType (hFile=0x350) returned 0x1 [0175.314] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.315] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.315] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.315] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.315] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.316] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.316] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.316] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.317] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.317] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.317] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x176, lpOverlapped=0x0) returned 1 [0175.317] ReadFile (in: hFile=0x350, lpBuffer=0x6bb03c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6bb03c4*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.318] CloseHandle (hObject=0x350) returned 1 [0175.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", lpFilePart=0x0) returned 0x2b [0175.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\rgohn-.docx"), fInfoLevelId=0x0, lpFileInformation=0x6be7228 | out: lpFileInformation=0x6be7228*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6495b0, ftCreationTime.dwHighDateTime=0x1d9b32d, ftLastAccessTime.dwLowDateTime=0x3ffd64e0, ftLastAccessTime.dwHighDateTime=0x1d9b498, ftLastWriteTime.dwLowDateTime=0x3ffd64e0, ftLastWriteTime.dwHighDateTime=0x1d9b498, nFileSizeHigh=0x0, nFileSizeLow=0xdc83)) returned 1 [0175.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", lpFilePart=0x0) returned 0x2b [0175.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", lpFilePart=0x0) returned 0x2b [0175.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.319] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\rgohn-.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6495b0, ftCreationTime.dwHighDateTime=0x1d9b32d, ftLastAccessTime.dwLowDateTime=0x3ffd64e0, ftLastAccessTime.dwHighDateTime=0x1d9b498, ftLastWriteTime.dwLowDateTime=0x3ffd64e0, ftLastWriteTime.dwHighDateTime=0x1d9b498, nFileSizeHigh=0x0, nFileSizeLow=0xdc83)) returned 1 [0175.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.319] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx", lpFilePart=0x0) returned 0x2b [0175.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.319] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RgOhn-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\rgohn-.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0175.319] GetFileType (hFile=0x350) returned 0x1 [0175.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.319] GetFileType (hFile=0x350) returned 0x1 [0175.319] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.320] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.320] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.320] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.320] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.321] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.321] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.321] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.322] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.322] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.322] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.322] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.323] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.323] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0xc83, lpOverlapped=0x0) returned 1 [0175.323] ReadFile (in: hFile=0x350, lpBuffer=0x6be799f, nNumberOfBytesToRead=0x37d, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be799f*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.323] ReadFile (in: hFile=0x350, lpBuffer=0x6be857c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6be857c*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.326] CloseHandle (hObject=0x350) returned 1 [0175.326] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", lpFilePart=0x0) returned 0x31 [0175.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\tlgkr3an1fai.docx"), fInfoLevelId=0x0, lpFileInformation=0x6c16940 | out: lpFileInformation=0x6c16940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fc290a0, ftCreationTime.dwHighDateTime=0x1d9472f, ftLastAccessTime.dwLowDateTime=0xbad6f9e0, ftLastAccessTime.dwHighDateTime=0x1d9a7cf, ftLastWriteTime.dwLowDateTime=0xbad6f9e0, ftLastWriteTime.dwHighDateTime=0x1d9a7cf, nFileSizeHigh=0x0, nFileSizeLow=0x18cc5)) returned 1 [0175.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.326] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.326] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", lpFilePart=0x0) returned 0x31 [0175.326] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", lpFilePart=0x0) returned 0x31 [0175.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\tlgkr3an1fai.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fc290a0, ftCreationTime.dwHighDateTime=0x1d9472f, ftLastAccessTime.dwLowDateTime=0xbad6f9e0, ftLastAccessTime.dwHighDateTime=0x1d9a7cf, ftLastWriteTime.dwLowDateTime=0xbad6f9e0, ftLastWriteTime.dwHighDateTime=0x1d9a7cf, nFileSizeHigh=0x0, nFileSizeLow=0x18cc5)) returned 1 [0175.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.327] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx", lpFilePart=0x0) returned 0x31 [0175.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.327] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\tLgkr3An1fAi.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\tlgkr3an1fai.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0175.327] GetFileType (hFile=0x350) returned 0x1 [0175.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.327] GetFileType (hFile=0x350) returned 0x1 [0175.327] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.328] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.329] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.330] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.331] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.332] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0xcc5, lpOverlapped=0x0) returned 1 [0175.332] ReadFile (in: hFile=0x350, lpBuffer=0x6c17159, nNumberOfBytesToRead=0x33b, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17159*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.332] ReadFile (in: hFile=0x350, lpBuffer=0x6c17cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c17cf4*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.337] CloseHandle (hObject=0x350) returned 1 [0175.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", lpFilePart=0x0) returned 0x34 [0175.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vrpfzbsw9gbyhvw.docx"), fInfoLevelId=0x0, lpFileInformation=0x6c4bd9c | out: lpFileInformation=0x6c4bd9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b15ba0, ftCreationTime.dwHighDateTime=0x1d92ebb, ftLastAccessTime.dwLowDateTime=0xf78ac710, ftLastAccessTime.dwHighDateTime=0x1d97e24, ftLastWriteTime.dwLowDateTime=0xf78ac710, ftLastWriteTime.dwHighDateTime=0x1d97e24, nFileSizeHigh=0x0, nFileSizeLow=0x8d1b)) returned 1 [0175.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", lpFilePart=0x0) returned 0x34 [0175.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", lpFilePart=0x0) returned 0x34 [0175.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vrpfzbsw9gbyhvw.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b15ba0, ftCreationTime.dwHighDateTime=0x1d92ebb, ftLastAccessTime.dwLowDateTime=0xf78ac710, ftLastAccessTime.dwHighDateTime=0x1d97e24, ftLastWriteTime.dwLowDateTime=0xf78ac710, ftLastWriteTime.dwHighDateTime=0x1d97e24, nFileSizeHigh=0x0, nFileSizeLow=0x8d1b)) returned 1 [0175.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx", lpFilePart=0x0) returned 0x34 [0175.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.339] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VrpfZbSw9gBYhVW.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vrpfzbsw9gbyhvw.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0175.339] GetFileType (hFile=0x350) returned 0x1 [0175.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.339] GetFileType (hFile=0x350) returned 0x1 [0175.339] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.340] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.340] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.340] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.340] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.341] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.341] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.341] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.341] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0xd1b, lpOverlapped=0x0) returned 1 [0175.341] ReadFile (in: hFile=0x350, lpBuffer=0x6c4c64b, nNumberOfBytesToRead=0x2e5, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4c64b*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.341] ReadFile (in: hFile=0x350, lpBuffer=0x6c4d190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c4d190*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.343] CloseHandle (hObject=0x350) returned 1 [0175.343] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", nBufferLength=0x105, lpBuffer=0x18e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", lpFilePart=0x0) returned 0x33 [0175.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eccc) returned 1 [0175.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\_jobebym_q2nqx.docx"), fInfoLevelId=0x0, lpFileInformation=0x6c800f4 | out: lpFileInformation=0x6c800f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54688660, ftCreationTime.dwHighDateTime=0x1d9b00d, ftLastAccessTime.dwLowDateTime=0x37277ef0, ftLastAccessTime.dwHighDateTime=0x1d9b457, ftLastWriteTime.dwLowDateTime=0x37277ef0, ftLastWriteTime.dwHighDateTime=0x1d9b457, nFileSizeHigh=0x0, nFileSizeLow=0x9152)) returned 1 [0175.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecc8) returned 1 [0175.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x18e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0175.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", nBufferLength=0x105, lpBuffer=0x18e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", lpFilePart=0x0) returned 0x33 [0175.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", nBufferLength=0x105, lpBuffer=0x18e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", lpFilePart=0x0) returned 0x33 [0175.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebf0) returned 1 [0175.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\_jobebym_q2nqx.docx"), fInfoLevelId=0x0, lpFileInformation=0x18ec6c | out: lpFileInformation=0x18ec6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54688660, ftCreationTime.dwHighDateTime=0x1d9b00d, ftLastAccessTime.dwLowDateTime=0x37277ef0, ftLastAccessTime.dwHighDateTime=0x1d9b457, ftLastWriteTime.dwLowDateTime=0x37277ef0, ftLastWriteTime.dwHighDateTime=0x1d9b457, nFileSizeHigh=0x0, nFileSizeLow=0x9152)) returned 1 [0175.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebec) returned 1 [0175.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", nBufferLength=0x105, lpBuffer=0x18e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx", lpFilePart=0x0) returned 0x33 [0175.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ebc8) returned 1 [0175.344] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\_jObeByM_Q2NQx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\_jobebym_q2nqx.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0175.345] GetFileType (hFile=0x350) returned 0x1 [0175.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ebc4) returned 1 [0175.345] GetFileType (hFile=0x350) returned 0x1 [0175.345] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.345] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.345] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.345] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.346] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.346] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.347] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.347] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.347] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x1000, lpOverlapped=0x0) returned 1 [0175.347] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x152, lpOverlapped=0x0) returned 1 [0175.347] ReadFile (in: hFile=0x350, lpBuffer=0x6c814c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ec30, lpOverlapped=0x0 | out: lpBuffer=0x6c814c8*, lpNumberOfBytesRead=0x18ec30*=0x0, lpOverlapped=0x0) returned 1 [0175.349] CloseHandle (hObject=0x350) returned 1 [0175.361] CoCreateGuid (in: pguid=0x18ec04 | out: pguid=0x18ec04*(Data1=0xcad4be16, Data2=0x9b91, Data3=0x47c4, Data4=([0]=0x96, [1]=0x68, [2]=0xe5, [3]=0xee, [4]=0xe3, [5]=0x60, [6]=0x4f, [7]=0xea))) returned 0x0 [0175.361] CoCreateGuid (in: pguid=0x18eb44 | out: pguid=0x18eb44*(Data1=0xabb7ac57, Data2=0x8106, Data3=0x4914, Data4=([0]=0x91, [1]=0xe7, [2]=0x46, [3]=0xb2, [4]=0xf7, [5]=0xbc, [6]=0x21, [7]=0x14))) returned 0x0 [0175.373] send (s=0x348, buf=0x839ad9e*, len=65536, flags=0) returned 65536 [0175.375] send (s=0x348, buf=0x83aad9e*, len=65536, flags=0) returned 65536 [0175.723] send (s=0x348, buf=0x83bad9e*, len=65536, flags=0) returned 65536 [0175.871] send (s=0x348, buf=0x83cad9e*, len=65536, flags=0) returned 65536 [0175.923] send (s=0x348, buf=0x83dad9e*, len=65536, flags=0) returned 65536 [0175.952] send (s=0x348, buf=0x83ead9e*, len=51759, flags=0) returned 51759 [0176.068] recv (in: s=0x348, buf=0x6afd8a4, len=8192, flags=0 | out: buf=0x6afd8a4*) returned 128 [0176.130] GdiplusStartup (in: token=0xe126cd8, input=0x18e408, output=0x18e458 | out: token=0xe126cd8, output=0x18e458) returned 0x0 [0176.166] GdipCreateBitmapFromScan0 (width=1440, height=900, stride=0, format=0x26200a, scan0=0x0, bitmap=0x18ef10) returned 0x0 [0176.239] GdipGetImagePixelFormat (image=0xd91f08, format=0x18ef14) returned 0x0 [0176.239] GdipGetImageGraphicsContext (image=0xd91f08, graphics=0x18ef20) returned 0x0 [0176.246] GdipSetInterpolationMode (graphics=0xd92408, interpolationMode=0x4) returned 0x0 [0176.247] GdipSetPixelOffsetMode (graphics=0xd92408, pixelOffsetMode=0x1) returned 0x0 [0176.247] GdipSetSmoothingMode (graphics=0xd92408, smoothingMode=0x1) returned 0x0 [0176.259] GetDC (hWnd=0x0) returned 0x6301069b [0176.264] GetCurrentObject (hdc=0x6301069b, type=0x1) returned 0x1b00017 [0176.264] GetCurrentObject (hdc=0x6301069b, type=0x2) returned 0x1900010 [0176.264] GetCurrentObject (hdc=0x6301069b, type=0x7) returned 0xbf050541 [0176.264] GetCurrentObject (hdc=0x6301069b, type=0x6) returned 0x18a0048 [0176.266] GdipGetDC (graphics=0xd92408, hdc=0x18eea0) returned 0x0 [0176.335] BitBlt (hdc=0x330109c4, x=0, y=0, cx=1440, cy=900, hdcSrc=0x6301069b, x1=0, y1=0, rop=0xcc0020) returned 1 [0176.732] GdipReleaseDC (graphics=0xd92408, hdc=0x330109c4) returned 0x0 [0176.740] ReleaseDC (hWnd=0x0, hDC=0x6301069b) returned 1 [0176.742] GdipDeleteGraphics (graphics=0xd92408) returned 0x0 [0176.789] GdipGetImageEncodersSize (numEncoders=0x18ee68, size=0x18ee64) returned 0x0 [0176.789] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0xe3254f8 [0176.790] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0xe3254f8 | out: encoders=0xe3254f8) returned 0x0 [0176.800] LocalFree (hMem=0xe3254f8) returned 0x0 [0176.826] GdipSaveImageToStream (image=0xd91f08, stream=0xd80030, clsidEncoder=0x18ee78*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0176.972] CoCreateGuid (in: pguid=0x18ec08 | out: pguid=0x18ec08*(Data1=0xaed7c838, Data2=0xa35c, Data3=0x467f, Data4=([0]=0x81, [1]=0xb3, [2]=0x34, [3]=0x15, [4]=0x2a, [5]=0xa1, [6]=0xf8, [7]=0xa1))) returned 0x0 [0176.972] CoCreateGuid (in: pguid=0x18eb48 | out: pguid=0x18eb48*(Data1=0xe25e6ead, Data2=0xd5e4, Data3=0x496e, Data4=([0]=0xab, [1]=0x66, [2]=0xc7, [3]=0x11, [4]=0x36, [5]=0xc2, [6]=0xc8, [7]=0x22))) returned 0x0 [0176.972] send (s=0x348, buf=0x839ad9e*, len=58061, flags=0) returned 58061 [0176.974] recv (in: s=0x348, buf=0x6afd8a4, len=8192, flags=0 | out: buf=0x6afd8a4*) returned 125 [0177.227] CoTaskMemAlloc (cb=0x20c) returned 0xbdbfc8 [0177.227] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xbdbfc8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0177.227] CoTaskMemFree (pv=0xbdbfc8) [0177.227] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e67c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0177.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eaa8) returned 1 [0177.229] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0177.229] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\*"), lpFindFileData=0x18e7d0 | out: lpFindFileData=0x18e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf6a1da6d, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0xf6a1da6d, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.229] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf6a1da6d, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0xf6a1da6d, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.230] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f2a0830, ftCreationTime.dwHighDateTime=0x1d9ad6c, ftLastAccessTime.dwLowDateTime=0xcce11420, ftLastAccessTime.dwHighDateTime=0x1d9b50f, ftLastWriteTime.dwLowDateTime=0xcce11420, ftLastWriteTime.dwHighDateTime=0x1d9b50f, nFileSizeHigh=0x0, nFileSizeLow=0x17558, dwReserved0=0x0, dwReserved1=0x0, cFileName="3MiqKyEfq01.csv", cAlternateFileName="3MIQKY~1.CSV")) returned 1 [0177.230] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a74cad0, ftCreationTime.dwHighDateTime=0x1d9b083, ftLastAccessTime.dwLowDateTime=0xdc3482c0, ftLastAccessTime.dwHighDateTime=0x1d9b14c, ftLastWriteTime.dwLowDateTime=0xdc3482c0, ftLastWriteTime.dwHighDateTime=0x1d9b14c, nFileSizeHigh=0x0, nFileSizeLow=0x16e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="4AHUr ARkZkGIDnsLQV.pps", cAlternateFileName="4AHURA~1.PPS")) returned 1 [0177.230] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c0b07c0, ftCreationTime.dwHighDateTime=0x1d9acc5, ftLastAccessTime.dwLowDateTime=0x580c2080, ftLastAccessTime.dwHighDateTime=0x1d9b4cf, ftLastWriteTime.dwLowDateTime=0x580c2080, ftLastWriteTime.dwHighDateTime=0x1d9b4cf, nFileSizeHigh=0x0, nFileSizeLow=0xc046, dwReserved0=0x0, dwReserved1=0x0, cFileName="8ZvF3hBxWBQ-cPEPnC0.mp4", cAlternateFileName="8ZVF3H~1.MP4")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19eb420, ftCreationTime.dwHighDateTime=0x1d9b2d0, ftLastAccessTime.dwLowDateTime=0x5197760, ftLastAccessTime.dwHighDateTime=0x1d9b39e, ftLastWriteTime.dwLowDateTime=0x5197760, ftLastWriteTime.dwHighDateTime=0x1d9b39e, nFileSizeHigh=0x0, nFileSizeLow=0xe7cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="9htjbtmyB4blrCVfl2c2.flv", cAlternateFileName="9HTJBT~1.FLV")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0177.231] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2050a320, ftCreationTime.dwHighDateTime=0x1d9b117, ftLastAccessTime.dwLowDateTime=0xf86f2d0, ftLastAccessTime.dwHighDateTime=0x1d9b1a6, ftLastWriteTime.dwLowDateTime=0xf86f2d0, ftLastWriteTime.dwHighDateTime=0x1d9b1a6, nFileSizeHigh=0x0, nFileSizeLow=0x2078, dwReserved0=0x0, dwReserved1=0x0, cFileName="AfUrO_Cy_EV3ZQt.gif", cAlternateFileName="AFURO_~1.GIF")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c63d9a0, ftCreationTime.dwHighDateTime=0x1d9a8f5, ftLastAccessTime.dwLowDateTime=0xa7cc3700, ftLastAccessTime.dwHighDateTime=0x1d9b1d1, ftLastWriteTime.dwLowDateTime=0xa7cc3700, ftLastWriteTime.dwHighDateTime=0x1d9b1d1, nFileSizeHigh=0x0, nFileSizeLow=0xd02, dwReserved0=0x0, dwReserved1=0x0, cFileName="aJ8GlIAnIu6o.png", cAlternateFileName="AJ8GLI~1.PNG")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4621db90, ftCreationTime.dwHighDateTime=0x1d9a524, ftLastAccessTime.dwLowDateTime=0xb8699990, ftLastAccessTime.dwHighDateTime=0x1d9afb5, ftLastWriteTime.dwLowDateTime=0xb8699990, ftLastWriteTime.dwHighDateTime=0x1d9afb5, nFileSizeHigh=0x0, nFileSizeLow=0x163c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="bLIGMd.gif", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdecaab20, ftCreationTime.dwHighDateTime=0x1d9b095, ftLastAccessTime.dwLowDateTime=0x8b2be900, ftLastAccessTime.dwHighDateTime=0x1d9b2d1, ftLastWriteTime.dwLowDateTime=0x8b2be900, ftLastWriteTime.dwHighDateTime=0x1d9b2d1, nFileSizeHigh=0x0, nFileSizeLow=0xce87, dwReserved0=0x0, dwReserved1=0x0, cFileName="g4tPh.png", cAlternateFileName="")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x163adc30, ftCreationTime.dwHighDateTime=0x1d9a53b, ftLastAccessTime.dwLowDateTime=0xce5dece0, ftLastAccessTime.dwHighDateTime=0x1d9ac0b, ftLastWriteTime.dwLowDateTime=0xce5dece0, ftLastWriteTime.dwHighDateTime=0x1d9ac0b, nFileSizeHigh=0x0, nFileSizeLow=0x64dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="gvxavyiJ5rmXbRV8ZN.m4a", cAlternateFileName="GVXAVY~1.M4A")) returned 1 [0177.232] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4f7f300, ftCreationTime.dwHighDateTime=0x1d9b0c0, ftLastAccessTime.dwLowDateTime=0xbda8c630, ftLastAccessTime.dwHighDateTime=0x1d9b4c2, ftLastWriteTime.dwLowDateTime=0xbda8c630, ftLastWriteTime.dwHighDateTime=0x1d9b4c2, nFileSizeHigh=0x0, nFileSizeLow=0x13fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="hIL60vJrtl9uWWjUUIrz.swf", cAlternateFileName="HIL60V~1.SWF")) returned 1 [0177.233] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x254b2ca0, ftCreationTime.dwHighDateTime=0x1d9b0f5, ftLastAccessTime.dwLowDateTime=0x7114ee60, ftLastAccessTime.dwHighDateTime=0x1d9b2a7, ftLastWriteTime.dwLowDateTime=0x7114ee60, ftLastWriteTime.dwHighDateTime=0x1d9b2a7, nFileSizeHigh=0x0, nFileSizeLow=0x4972, dwReserved0=0x0, dwReserved1=0x0, cFileName="J-xkHq.ppt", cAlternateFileName="")) returned 1 [0177.233] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b5744f0, ftCreationTime.dwHighDateTime=0x1d9b2b4, ftLastAccessTime.dwLowDateTime=0xb6487cf0, ftLastAccessTime.dwHighDateTime=0x1d9b508, ftLastWriteTime.dwLowDateTime=0xb6487cf0, ftLastWriteTime.dwHighDateTime=0x1d9b508, nFileSizeHigh=0x0, nFileSizeLow=0xe81a, dwReserved0=0x0, dwReserved1=0x0, cFileName="J5nc3F7Yk.wav", cAlternateFileName="J5NC3F~1.WAV")) returned 1 [0177.233] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0177.233] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e1b8780, ftCreationTime.dwHighDateTime=0x1d9ad7d, ftLastAccessTime.dwLowDateTime=0xc8e7edb0, ftLastAccessTime.dwHighDateTime=0x1d9b2c3, ftLastWriteTime.dwLowDateTime=0xc8e7edb0, ftLastWriteTime.dwHighDateTime=0x1d9b2c3, nFileSizeHigh=0x0, nFileSizeLow=0x18913, dwReserved0=0x0, dwReserved1=0x0, cFileName="olzzwoRgSOZwFn3nKH.m4a", cAlternateFileName="OLZZWO~1.M4A")) returned 1 [0177.234] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a45c140, ftCreationTime.dwHighDateTime=0x1d9b1b8, ftLastAccessTime.dwLowDateTime=0xe90e3fa0, ftLastAccessTime.dwHighDateTime=0x1d9b4ac, ftLastWriteTime.dwLowDateTime=0xe90e3fa0, ftLastWriteTime.dwHighDateTime=0x1d9b4ac, nFileSizeHigh=0x0, nFileSizeLow=0x14845, dwReserved0=0x0, dwReserved1=0x0, cFileName="P--ub1GYhxBRZpF.png", cAlternateFileName="P--UB1~1.PNG")) returned 1 [0177.234] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x460e1b00, ftCreationTime.dwHighDateTime=0x1d9b352, ftLastAccessTime.dwLowDateTime=0x4c2f84a0, ftLastAccessTime.dwHighDateTime=0x1d9b51a, ftLastWriteTime.dwLowDateTime=0x4c2f84a0, ftLastWriteTime.dwHighDateTime=0x1d9b51a, nFileSizeHigh=0x0, nFileSizeLow=0x1015d, dwReserved0=0x0, dwReserved1=0x0, cFileName="pXeSOxdOjN.pdf", cAlternateFileName="PXESOX~1.PDF")) returned 1 [0177.234] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b587fa0, ftCreationTime.dwHighDateTime=0x1d9a619, ftLastAccessTime.dwLowDateTime=0x21c02d40, ftLastAccessTime.dwHighDateTime=0x1d9af99, ftLastWriteTime.dwLowDateTime=0x21c02d40, ftLastWriteTime.dwHighDateTime=0x1d9af99, nFileSizeHigh=0x0, nFileSizeLow=0x107ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="QiK8kTUjkw.wav", cAlternateFileName="QIK8KT~1.WAV")) returned 1 [0177.235] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0177.235] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e254b40, ftCreationTime.dwHighDateTime=0x1d9ada7, ftLastAccessTime.dwLowDateTime=0xb99b80f0, ftLastAccessTime.dwHighDateTime=0x1d9b1c5, ftLastWriteTime.dwLowDateTime=0xb99b80f0, ftLastWriteTime.dwHighDateTime=0x1d9b1c5, nFileSizeHigh=0x0, nFileSizeLow=0x992d, dwReserved0=0x0, dwReserved1=0x0, cFileName="TvFkIDBxAog.docx", cAlternateFileName="TVFKID~1.DOC")) returned 1 [0177.235] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda272f80, ftCreationTime.dwHighDateTime=0x1d9b41e, ftLastAccessTime.dwLowDateTime=0x9e0c2930, ftLastAccessTime.dwHighDateTime=0x1d9b4f3, ftLastWriteTime.dwLowDateTime=0x9e0c2930, ftLastWriteTime.dwHighDateTime=0x1d9b4f3, nFileSizeHigh=0x0, nFileSizeLow=0x4b43, dwReserved0=0x0, dwReserved1=0x0, cFileName="tWJrbxvJHaDeNGoC.png", cAlternateFileName="TWJRBX~1.PNG")) returned 1 [0177.235] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba3d2210, ftCreationTime.dwHighDateTime=0x1d9aac8, ftLastAccessTime.dwLowDateTime=0xc13ced90, ftLastAccessTime.dwHighDateTime=0x1d9b09d, ftLastWriteTime.dwLowDateTime=0xc13ced90, ftLastWriteTime.dwHighDateTime=0x1d9b09d, nFileSizeHigh=0x0, nFileSizeLow=0x9c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="u1aV0eCcdj.pps", cAlternateFileName="U1AV0E~1.PPS")) returned 1 [0177.236] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x696dd4f0, ftCreationTime.dwHighDateTime=0x1d9b078, ftLastAccessTime.dwLowDateTime=0x88326030, ftLastAccessTime.dwHighDateTime=0x1d9b0f1, ftLastWriteTime.dwLowDateTime=0x88326030, ftLastWriteTime.dwHighDateTime=0x1d9b0f1, nFileSizeHigh=0x0, nFileSizeLow=0x6362, dwReserved0=0x0, dwReserved1=0x0, cFileName="u6sRAr1RW.ppt", cAlternateFileName="U6SRAR~1.PPT")) returned 1 [0177.236] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33dfb950, ftCreationTime.dwHighDateTime=0x1d9a535, ftLastAccessTime.dwLowDateTime=0xafd126b0, ftLastAccessTime.dwHighDateTime=0x1d9ac93, ftLastWriteTime.dwLowDateTime=0xafd126b0, ftLastWriteTime.dwHighDateTime=0x1d9ac93, nFileSizeHigh=0x0, nFileSizeLow=0x4f17, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vev.mkv", cAlternateFileName="")) returned 1 [0177.236] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd26fae0, ftCreationTime.dwHighDateTime=0x1d9b111, ftLastAccessTime.dwLowDateTime=0x77e4bb30, ftLastAccessTime.dwHighDateTime=0x1d9b2d4, ftLastWriteTime.dwLowDateTime=0x77e4bb30, ftLastWriteTime.dwHighDateTime=0x1d9b2d4, nFileSizeHigh=0x0, nFileSizeLow=0x16168, dwReserved0=0x0, dwReserved1=0x0, cFileName="xe1hvzDL-to9PCWsmvfk.doc", cAlternateFileName="XE1HVZ~1.DOC")) returned 1 [0177.236] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd464e00, ftCreationTime.dwHighDateTime=0x1d9aee7, ftLastAccessTime.dwLowDateTime=0xbaf53fa0, ftLastAccessTime.dwHighDateTime=0x1d9b138, ftLastWriteTime.dwLowDateTime=0xbaf53fa0, ftLastWriteTime.dwHighDateTime=0x1d9b138, nFileSizeHigh=0x0, nFileSizeLow=0x2336, dwReserved0=0x0, dwReserved1=0x0, cFileName="xXLGTH.xls", cAlternateFileName="")) returned 1 [0177.236] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47317710, ftCreationTime.dwHighDateTime=0x1d9ae49, ftLastAccessTime.dwLowDateTime=0x89d25010, ftLastAccessTime.dwHighDateTime=0x1d9afea, ftLastWriteTime.dwLowDateTime=0x89d25010, ftLastWriteTime.dwHighDateTime=0x1d9afea, nFileSizeHigh=0x0, nFileSizeLow=0xe239, dwReserved0=0x0, dwReserved1=0x0, cFileName="z4S5BMu6.gif", cAlternateFileName="")) returned 1 [0177.237] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a3d0980, ftCreationTime.dwHighDateTime=0x1d9a60a, ftLastAccessTime.dwLowDateTime=0x83aa7ab0, ftLastAccessTime.dwHighDateTime=0x1d9aae9, ftLastWriteTime.dwLowDateTime=0x83aa7ab0, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x2308, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zjcwl1.m4a", cAlternateFileName="")) returned 1 [0177.237] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a3d0980, ftCreationTime.dwHighDateTime=0x1d9a60a, ftLastAccessTime.dwLowDateTime=0x83aa7ab0, ftLastAccessTime.dwHighDateTime=0x1d9aae9, ftLastWriteTime.dwLowDateTime=0x83aa7ab0, ftLastWriteTime.dwHighDateTime=0x1d9aae9, nFileSizeHigh=0x0, nFileSizeLow=0x2308, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zjcwl1.m4a", cAlternateFileName="")) returned 0 [0177.237] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea64) returned 1 [0177.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea70) returned 1 [0177.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0177.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.238] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0177.238] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.241] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0177.241] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0177.241] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x18e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0177.243] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\*"), lpFindFileData=0x18e648 | out: lpFindFileData=0x18e648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.243] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.243] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0177.244] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.244] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.244] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0177.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.244] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0177.244] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\flash player\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.245] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.245] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0177.245] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 0 [0177.245] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.246] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0177.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.246] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0177.246] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.247] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0177.247] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0177.248] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0177.249] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0177.249] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0177.250] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0177.256] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6aa33cc5, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0177.257] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0177.257] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.258] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0177.258] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x18e648 | out: lpFindFileData=0x18e648*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.259] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.259] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0177.259] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0177.259] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0177.260] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0177.261] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0177.261] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0177.261] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0177.261] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0177.261] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0177.262] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6aa33cc5, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0177.262] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0177.262] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0177.262] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0177.262] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.262] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0177.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0177.263] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\addins\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.264] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.264] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.264] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.265] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0177.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.265] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0177.266] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.267] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.267] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0177.267] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0177.267] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.268] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0177.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.268] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0177.268] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.269] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.269] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.269] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.270] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0177.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.270] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0177.270] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.271] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.271] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0177.272] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0177.272] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x35 [0177.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x35 [0177.273] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\excel\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.274] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.275] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0177.275] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0177.275] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x41 [0177.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x41 [0177.276] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.276] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.277] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xea09ab5b, ftLastAccessTime.dwHighDateTime=0x1d99cf2, ftLastWriteTime.dwLowDateTime=0xea09ab5b, ftLastWriteTime.dwHighDateTime=0x1d99cf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0177.277] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0177.277] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 0 [0177.277] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0177.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0177.279] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\mmc\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc28dd8 [0177.285] FindNextFileW (in: hFindFile=0xc28dd8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.285] FindNextFileW (in: hFindFile=0xc28dd8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.285] FindClose (in: hFindFile=0xc28dd8 | out: hFindFile=0xc28dd8) returned 1 [0177.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.286] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0177.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.286] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0177.286] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.287] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.287] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0177.287] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0177.288] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.289] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0177.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.289] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0177.289] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.290] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.290] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0177.291] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0177.292] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0177.292] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.293] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0177.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.293] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0177.293] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.294] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.295] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0177.295] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x8864a351, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0177.295] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.295] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.296] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0177.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.296] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0177.296] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.296] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.297] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf68faea, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x258, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0177.297] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x8060823c, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf753085, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0177.298] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.298] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0177.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0177.299] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.300] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.300] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0177.301] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0177.301] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.302] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0177.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.302] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0177.302] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc294d8 [0177.302] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.302] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0177.303] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0177.303] FindClose (in: hFindFile=0xc294d8 | out: hFindFile=0xc294d8) returned 1 [0177.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.304] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0177.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.304] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0177.304] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6fe28f7f, ftLastWriteTime.dwHighDateTime=0x1d99cf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc294d8 [0177.307] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x6aa33cc5, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x6fe28f7f, ftLastWriteTime.dwHighDateTime=0x1d99cf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.307] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveContent", cAlternateFileName="LIVECO~1")) returned 1 [0177.308] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4614163, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4614163, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa46a67ce, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4641, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0177.308] FindNextFileW (in: hFindFile=0xc294d8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.308] FindClose (in: hFindFile=0xc294d8 | out: hFindFile=0xc294d8) returned 1 [0177.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.309] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", lpFilePart=0x0) returned 0x35 [0177.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.310] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", lpFilePart=0x0) returned 0x35 [0177.310] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\vault\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc28dd8 [0177.311] FindNextFileW (in: hFindFile=0xc28dd8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.311] FindNextFileW (in: hFindFile=0xc28dd8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.311] FindClose (in: hFindFile=0xc28dd8 | out: hFindFile=0xc28dd8) returned 1 [0177.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.312] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x37 [0177.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x37 [0177.313] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x74c712a9, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x74c712a9, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.314] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x74c712a9, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x74c712a9, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.314] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccountPictures", cAlternateFileName="ACCOUN~1")) returned 1 [0177.314] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x2b1d2cc3, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1d8e71, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0177.314] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3ced6473, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0177.315] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x74c712a9, ftCreationTime.dwHighDateTime=0x1d93633, ftLastAccessTime.dwLowDateTime=0x74c712a9, ftLastAccessTime.dwHighDateTime=0x1d93633, ftLastWriteTime.dwLowDateTime=0x74c712a9, ftLastWriteTime.dwHighDateTime=0x1d93633, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerShell", cAlternateFileName="POWERS~1")) returned 1 [0177.315] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3ced6473, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0177.315] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x416f797e, ftLastAccessTime.dwHighDateTime=0x1d9d730, ftLastWriteTime.dwLowDateTime=0x416f797e, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0177.315] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8c427141, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x8c473662, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0177.315] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0177.316] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3ced6473, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0177.316] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeb77be3, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xaebea315, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaebea315, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0177.316] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeb77be3, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xaebea315, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaebea315, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0 [0177.316] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.317] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x34 [0177.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.317] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x34 [0177.317] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\word\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x669f9558, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.317] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x669f9558, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.318] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x669f9558, ftCreationTime.dwHighDateTime=0x1d8a651, ftLastAccessTime.dwLowDateTime=0x669f9558, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x669f9558, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0177.318] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x669f9558, ftCreationTime.dwHighDateTime=0x1d8a651, ftLastAccessTime.dwLowDateTime=0x669f9558, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x669f9558, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0177.318] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.319] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun", lpFilePart=0x0) returned 0x29 [0177.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.319] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun", lpFilePart=0x0) returned 0x29 [0177.319] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\sun\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.319] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.320] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0177.320] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 0 [0177.320] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.321] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun", nBufferLength=0x105, lpBuffer=0x18e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun", lpFilePart=0x0) returned 0x29 [0177.321] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\sun\\*"), lpFindFileData=0x18e648 | out: lpFindFileData=0x18e648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.321] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0177.321] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.321] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.322] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\Java", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\Java", lpFilePart=0x0) returned 0x2e [0177.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.322] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\Java", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\Java", lpFilePart=0x0) returned 0x2e [0177.322] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Sun\\Java\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\sun\\java\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc28ed8 [0177.322] FindNextFileW (in: hFindFile=0xc28ed8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.322] FindNextFileW (in: hFindFile=0xc28ed8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0177.322] FindNextFileW (in: hFindFile=0xc28ed8, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb003583b, ftCreationTime.dwHighDateTime=0x1d8c106, ftLastAccessTime.dwLowDateTime=0xb003583b, ftLastAccessTime.dwHighDateTime=0x1d8c106, ftLastWriteTime.dwLowDateTime=0xb003583b, ftLastWriteTime.dwHighDateTime=0x1d8c106, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 0 [0177.322] FindClose (in: hFindFile=0xc28ed8 | out: hFindFile=0xc28ed8) returned 1 [0177.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.323] CoTaskMemAlloc (cb=0x20c) returned 0xbdca90 [0177.323] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0xbdca90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0177.323] CoTaskMemFree (pv=0xbdca90) [0177.323] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e67c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0177.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eaa8) returned 1 [0177.325] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0177.325] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\*"), lpFindFileData=0x18e7d0 | out: lpFindFileData=0x18e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50b344cd, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x46893fd1, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.325] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50b344cd, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x46893fd1, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.325] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActiveSync", cAlternateFileName="ACTIVE~1")) returned 1 [0177.325] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0177.325] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Comms", cAlternateFileName="")) returned 1 [0177.325] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xb1dfb94f, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xb1dfb94f, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x2e4f6a9d, ftLastWriteTime.dwHighDateTime=0x1d99d0a, nFileSizeHigh=0x0, nFileSizeLow=0x991d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50b344cd, ftCreationTime.dwHighDateTime=0x1d8a64c, ftLastAccessTime.dwLowDateTime=0x50b344cd, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x50b344cd, ftLastWriteTime.dwHighDateTime=0x1d8a64c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~3")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4252734, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MicrosoftEdge", cAlternateFileName="MICROS~2")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xddb04c43, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xddb04c43, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73f4dcd0, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73f4dcd0, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73f4dcd0, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeerDistRepub", cAlternateFileName="PEERDI~1")) returned 1 [0177.326] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc699b5c, ftCreationTime.dwHighDateTime=0x1d70070, ftLastAccessTime.dwLowDateTime=0xdc699b5c, ftLastAccessTime.dwHighDateTime=0x1d70070, ftLastWriteTime.dwLowDateTime=0xdc699b5c, ftLastWriteTime.dwHighDateTime=0x1d70070, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publishers", cAlternateFileName="PUBLIS~1")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46893fd1, ftCreationTime.dwHighDateTime=0x1d9d730, ftLastAccessTime.dwLowDateTime=0x46893fd1, ftLastAccessTime.dwHighDateTime=0x1d9d730, ftLastWriteTime.dwLowDateTime=0x46893fd1, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCache", cAlternateFileName="SYSTEM~1")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3da5cae6, ftLastAccessTime.dwHighDateTime=0x1d9d730, ftLastWriteTime.dwLowDateTime=0x3da5cae6, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40a64b1d, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x40a64b1d, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x40a64b1d, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TileDataLayer", cAlternateFileName="TILEDA~1")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5599aefd, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5599aefd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5599aefd, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0177.327] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7dc | out: lpFindFileData=0x18e7dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.327] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea64) returned 1 [0177.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea70) returned 1 [0177.328] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0177.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.328] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0177.328] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\activesync\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.329] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.329] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.329] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.329] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", nBufferLength=0x105, lpBuffer=0x18e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0177.329] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\activesync\\*"), lpFindFileData=0x18e648 | out: lpFindFileData=0x18e648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.329] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.329] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.329] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.330] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x34 [0177.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.330] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x34 [0177.330] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\application data\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea5c) returned 1 [0177.337] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0177.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.337] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0177.337] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.338] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.338] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x41637d0, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x41637d0, ftLastWriteTime.dwHighDateTime=0x1d8a64c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0177.338] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Unistore", cAlternateFileName="")) returned 1 [0177.338] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x304e1230, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xe231b8a5, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UnistoreDB", cAlternateFileName="UNISTO~1")) returned 1 [0177.338] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x304e1230, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xe231b8a5, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UnistoreDB", cAlternateFileName="UNISTO~1")) returned 0 [0177.338] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.339] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", nBufferLength=0x105, lpBuffer=0x18e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0177.339] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\*"), lpFindFileData=0x18e648 | out: lpFindFileData=0x18e648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.339] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.339] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x41637d0, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x41637d0, ftLastWriteTime.dwHighDateTime=0x1d8a64c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0177.339] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Unistore", cAlternateFileName="")) returned 1 [0177.339] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x304e1230, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xe231b8a5, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UnistoreDB", cAlternateFileName="UNISTO~1")) returned 1 [0177.339] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.339] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.339] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", lpFilePart=0x0) returned 0x2e [0177.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.340] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", lpFilePart=0x0) returned 0x2e [0177.340] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\temp\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x41637d0, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x77e259ad, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.341] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x41637d0, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x77e259ad, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.341] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b315521, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x77e259ad, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x77e26d5d, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="CalendarCache.dat", cAlternateFileName="CALEND~1.DAT")) returned 1 [0177.341] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.341] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", lpFilePart=0x0) returned 0x32 [0177.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", lpFilePart=0x0) returned 0x32 [0177.341] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\unistore\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.342] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.342] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0177.342] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.342] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", lpFilePart=0x0) returned 0x34 [0177.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.343] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", lpFilePart=0x0) returned 0x34 [0177.343] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\unistoredb\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x304e1230, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xe231b8a5, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.344] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x304e1230, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xe231b8a5, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.344] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x220, ftCreationTime.dwLowDateTime=0x23a0d188, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23a0d188, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xe22f57b6, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x600000, dwReserved0=0x0, dwReserved1=0x0, cFileName="store.vol", cAlternateFileName="")) returned 1 [0177.344] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239e71ab, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x239e71ab, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x9867d3ae, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USS.chk", cAlternateFileName="")) returned 1 [0177.344] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2399ab8b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2399ab8b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xe22f57b6, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USS.log", cAlternateFileName="")) returned 1 [0177.345] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239c0dc2, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x239c0dc2, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x239c0dc2, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USSres00001.jrs", cAlternateFileName="USSRES~1.JRS")) returned 1 [0177.345] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239c0dc2, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x239c0dc2, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x239c0dc2, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USSres00002.jrs", cAlternateFileName="USSRES~2.JRS")) returned 1 [0177.345] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2399ab8b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2399ab8b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xdd289e64, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USStmp.log", cAlternateFileName="")) returned 1 [0177.345] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.345] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", lpFilePart=0x0) returned 0x2b [0177.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", lpFilePart=0x0) returned 0x2b [0177.346] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\history\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea5c) returned 1 [0177.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0177.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0177.348] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\*"), lpFindFileData=0x18e7c0 | out: lpFindFileData=0x18e7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc28e58 [0177.348] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.348] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6078303, ftCreationTime.dwHighDateTime=0x1d8a64d, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v2.0", cAlternateFileName="")) returned 1 [0177.348] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0", cAlternateFileName="")) returned 1 [0177.348] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0_32", cAlternateFileName="CLR_V4~1.0_3")) returned 1 [0177.348] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7c8b0775, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0x7c8b0775, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x249187e, ftLastAccessTime.dwHighDateTime=0x1d9b562, ftLastWriteTime.dwLowDateTime=0x249187e, ftLastWriteTime.dwHighDateTime=0x1d9b562, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x430ec4ba, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x249187e, ftLastAccessTime.dwHighDateTime=0x1d9b562, ftLastWriteTime.dwLowDateTime=0x249187e, ftLastWriteTime.dwHighDateTime=0x1d9b562, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a17d745, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a184b86, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a184b86, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x809248a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0xc7db342, ftLastAccessTime.dwHighDateTime=0x1d70070, ftLastWriteTime.dwLowDateTime=0xc7db342, ftLastWriteTime.dwHighDateTime=0x1d70070, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameDVR", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6ec87d0d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputPersonalization", cAlternateFileName="INPUTP~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5b61023, ftCreationTime.dwHighDateTime=0x1d7045f, ftLastAccessTime.dwLowDateTime=0xf5b61023, ftLastAccessTime.dwHighDateTime=0x1d7045f, ftLastWriteTime.dwLowDateTime=0xf5b61023, ftLastWriteTime.dwHighDateTime=0x1d7045f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallAgent", cAlternateFileName="INSTAL~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4137bbef, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x291adc5d, ftLastAccessTime.dwHighDateTime=0x1d9d730, ftLastWriteTime.dwLowDateTime=0x291adc5d, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40f9be3f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x40f9be3f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x40f9be3f, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5781bc17, ftCreationTime.dwHighDateTime=0x1d7046d, ftLastAccessTime.dwLowDateTime=0x696efe32, ftLastAccessTime.dwHighDateTime=0x1d7046d, ftLastWriteTime.dwLowDateTime=0x696efe32, ftLastWriteTime.dwHighDateTime=0x1d7046d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87b49234, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0xb1ac323a, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb2c68d12, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a11bc67, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x847a2bfc, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x847a2bfc, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PlayReady", cAlternateFileName="PLAYRE~1")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb9574d8, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xfd0298f3, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0xfd0298f3, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ca06a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x87ca06a1, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x87ca06a1, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~2")) returned 1 [0177.349] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d0c63cd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x377dee7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0177.350] FindNextFileW (in: hFindFile=0xc28e58, lpFindFileData=0x18e7cc | out: lpFindFileData=0x18e7cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d0c63cd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x377dee7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0177.350] FindClose (in: hFindFile=0xc28e58 | out: hFindFile=0xc28e58) returned 1 [0177.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.350] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x18e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0177.350] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\*"), lpFindFileData=0x18e648 | out: lpFindFileData=0x18e648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc28e18 [0177.350] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.350] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6078303, ftCreationTime.dwHighDateTime=0x1d8a64d, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v2.0", cAlternateFileName="")) returned 1 [0177.350] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0", cAlternateFileName="")) returned 1 [0177.350] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0_32", cAlternateFileName="CLR_V4~1.0_3")) returned 1 [0177.350] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7c8b0775, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0x7c8b0775, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0177.350] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x249187e, ftLastAccessTime.dwHighDateTime=0x1d9b562, ftLastWriteTime.dwLowDateTime=0x249187e, ftLastWriteTime.dwHighDateTime=0x1d9b562, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0177.351] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x430ec4ba, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x249187e, ftLastAccessTime.dwHighDateTime=0x1d9b562, ftLastWriteTime.dwLowDateTime=0x249187e, ftLastWriteTime.dwHighDateTime=0x1d9b562, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0177.351] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a17d745, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a184b86, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a184b86, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0177.351] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x809248a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0xc7db342, ftLastAccessTime.dwHighDateTime=0x1d70070, ftLastWriteTime.dwLowDateTime=0xc7db342, ftLastWriteTime.dwHighDateTime=0x1d70070, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameDVR", cAlternateFileName="")) returned 1 [0177.351] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6ec87d0d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputPersonalization", cAlternateFileName="INPUTP~1")) returned 1 [0177.351] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5b61023, ftCreationTime.dwHighDateTime=0x1d7045f, ftLastAccessTime.dwLowDateTime=0xf5b61023, ftLastAccessTime.dwHighDateTime=0x1d7045f, ftLastWriteTime.dwLowDateTime=0xf5b61023, ftLastWriteTime.dwHighDateTime=0x1d7045f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallAgent", cAlternateFileName="INSTAL~1")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4137bbef, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x291adc5d, ftLastAccessTime.dwHighDateTime=0x1d9d730, ftLastWriteTime.dwLowDateTime=0x291adc5d, ftLastWriteTime.dwHighDateTime=0x1d9d730, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40f9be3f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x40f9be3f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x40f9be3f, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5781bc17, ftCreationTime.dwHighDateTime=0x1d7046d, ftLastAccessTime.dwLowDateTime=0x696efe32, ftLastAccessTime.dwHighDateTime=0x1d7046d, ftLastWriteTime.dwLowDateTime=0x696efe32, ftLastWriteTime.dwHighDateTime=0x1d7046d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87b49234, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0xb1ac323a, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xb2c68d12, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a11bc67, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x847a2bfc, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x847a2bfc, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PlayReady", cAlternateFileName="PLAYRE~1")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb9574d8, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xfd0298f3, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0xfd0298f3, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ca06a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x87ca06a1, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x87ca06a1, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~2")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d0c63cd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x377dee7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0177.352] FindNextFileW (in: hFindFile=0xc28e18, lpFindFileData=0x18e654 | out: lpFindFileData=0x18e654*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.352] FindClose (in: hFindFile=0xc28e18 | out: hFindFile=0xc28e18) returned 1 [0177.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.352] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v2.0", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v2.0", lpFilePart=0x0) returned 0x36 [0177.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.353] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v2.0", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v2.0", lpFilePart=0x0) returned 0x36 [0177.353] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v2.0\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\clr_v2.0\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6078303, ftCreationTime.dwHighDateTime=0x1d8a64d, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.353] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6078303, ftCreationTime.dwHighDateTime=0x1d8a64d, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.354] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6078303, ftCreationTime.dwHighDateTime=0x1d8a64d, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 1 [0177.354] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6078303, ftCreationTime.dwHighDateTime=0x1d8a64d, ftLastAccessTime.dwLowDateTime=0x6078303, ftLastAccessTime.dwHighDateTime=0x1d8a64d, ftLastWriteTime.dwLowDateTime=0x6078303, ftLastWriteTime.dwHighDateTime=0x1d8a64d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 0 [0177.354] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.354] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", lpFilePart=0x0) returned 0x36 [0177.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.354] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", lpFilePart=0x0) returned 0x36 [0177.354] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\clr_v4.0\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.354] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.355] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 1 [0177.355] FindNextFileW (in: hFindFile=0xc29218, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 0 [0177.355] FindClose (in: hFindFile=0xc29218 | out: hFindFile=0xc29218) returned 1 [0177.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.355] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", lpFilePart=0x0) returned 0x39 [0177.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.355] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", lpFilePart=0x0) returned 0x39 [0177.355] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\clr_v4.0_32\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.355] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.355] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 1 [0177.355] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 0 [0177.356] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.356] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x39 [0177.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.356] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x39 [0177.356] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7c8b0775, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0x7c8b0775, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.356] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7c8b0775, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0x7c8b0775, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.356] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7c8b0775, ftLastAccessTime.dwHighDateTime=0x1d9b561, ftLastWriteTime.dwLowDateTime=0x7c8b0775, ftLastWriteTime.dwHighDateTime=0x1d9b561, nFileSizeHigh=0x0, nFileSizeLow=0x2b20, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0177.356] FindNextFileW (in: hFindFile=0xc29458, lpFindFileData=0x18e644 | out: lpFindFileData=0x18e644*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.356] FindClose (in: hFindFile=0xc29458 | out: hFindFile=0xc29458) returned 1 [0177.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.357] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x18e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x33 [0177.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.357] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x18e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x33 [0177.357] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\feeds\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x249187e, ftLastAccessTime.dwHighDateTime=0x1d9b562, ftLastWriteTime.dwLowDateTime=0x249187e, ftLastWriteTime.dwHighDateTime=0x1d9b562, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc28ed8 [0177.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.367] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.370] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Outlook\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\outlook\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a11bc67, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x847a2bfc, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x847a2bfc, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29458 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ea98) returned 1 [0177.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea54) returned 1 [0177.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea60) returned 1 [0177.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e920) returned 1 [0177.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8dc) returned 1 [0177.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8e8) returned 1 [0177.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.416] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\*"), lpFindFileData=0x18e638 | out: lpFindFileData=0x18e638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a85f54c, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x5b1c2a8e, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x5b1c2a8e, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xc29218 [0177.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8d8) returned 1 [0177.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18e910) returned 1 [0177.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18e8cc) returned 1 [0177.565] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer", nBufferLength=0x105, lpBuffer=0x18e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer", lpFilePart=0x0) returned 0x31 [0177.666] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.666] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net") returned 0x2f [0177.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.668] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2e [0177.668] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\battle.net\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.674] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.674] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned 0x37 [0177.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0177.680] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.686] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.686] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3c [0177.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.693] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0177.693] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.696] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.696] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x41 [0177.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x40 [0177.697] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google(x86)\\chrome\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.699] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.699] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\") returned 0x36 [0177.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.700] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x35 [0177.700] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.703] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.703] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x45 [0177.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.704] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0177.704] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.706] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.707] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data") returned 0x36 [0177.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.707] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0177.707] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.710] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.710] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x3a [0177.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.711] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0177.711] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.713] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.713] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned 0x3a [0177.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.714] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0177.714] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.716] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.716] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data") returned 0x35 [0177.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.717] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0177.717] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.720] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.720] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned 0x36 [0177.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.721] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0177.721] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.724] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.724] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned 0x35 [0177.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.725] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0177.725] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.728] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.728] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned 0x3f [0177.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.729] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0177.729] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.732] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.732] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x43 [0177.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.733] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0177.733] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.736] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.736] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3d [0177.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0177.737] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.739] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.739] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x58 [0177.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0177.740] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.743] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.743] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x43 [0177.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0177.744] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.746] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.747] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x3c [0177.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.747] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0177.747] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.750] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.750] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data") returned 0x35 [0177.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.751] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0177.751] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.754] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.754] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned 0x37 [0177.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.755] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0177.755] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.757] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.757] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned 0x36 [0177.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0177.758] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.761] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.761] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x3c [0177.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.762] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0177.762] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.764] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.764] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data") returned 0x39 [0177.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.765] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x38 [0177.765] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.768] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.768] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned 0x34 [0177.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.769] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0177.769] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.771] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.771] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x43 [0177.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.772] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0177.772] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.775] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.775] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data") returned 0x35 [0177.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x34 [0177.776] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.778] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.778] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x41 [0177.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x40 [0177.779] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.781] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.781] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data") returned 0x37 [0177.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.782] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x36 [0177.782] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon3\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.784] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.784] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data") returned 0x36 [0177.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x35 [0177.785] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\k-melon\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.787] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.787] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3e [0177.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.788] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0177.788] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.790] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.790] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned 0x37 [0177.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.791] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x36 [0177.791] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.793] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.793] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3d [0177.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.794] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0177.795] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.798] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.798] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data") returned 0x33 [0177.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x32 [0177.799] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\uran\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.801] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.801] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data") returned 0x37 [0177.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.801] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x36 [0177.802] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromodo\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.804] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.804] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x3b [0177.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.804] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x3a [0177.805] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mail.ru\\atom\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.807] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.807] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x4a [0177.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.807] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0177.808] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.810] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.810] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3d [0177.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0177.810] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.814] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.814] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x51 [0177.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x50 [0177.815] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nvidia corporation\\nvidia geforce experience\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.817] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.817] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam") returned 0x2a [0177.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.818] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x29 [0177.818] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\steam\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.820] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.820] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x18eafc, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x40 [0177.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eab8) returned 1 [0177.821] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x18e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3f [0177.821] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\*"), lpFindFileData=0x18e7e0 | out: lpFindFileData=0x18e7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ea7c) returned 1 [0177.903] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.903] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Armory", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory") returned 0x2d [0177.903] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x2c [0177.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.904] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x2c [0177.904] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory\\*.wallet" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\armory\\*.wallet"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.918] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.918] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\atomic", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic") returned 0x2d [0177.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x2c [0177.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x2c [0177.919] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.922] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.922] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Binance", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance") returned 0x2e [0177.922] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2d [0177.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.922] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2d [0177.922] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\*app-store*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\binance\\*app-store*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.925] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0177.925] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%\\Coinomi\\Coinomi\\Cache", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache") returned 0x3a [0177.925] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", lpFilePart=0x0) returned 0x39 [0177.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.925] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", lpFilePart=0x0) returned 0x39 [0177.926] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\cache\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.928] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0177.928] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%\\Coinomi\\Coinomi\\db", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db") returned 0x37 [0177.929] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", lpFilePart=0x0) returned 0x36 [0177.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.929] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", lpFilePart=0x0) returned 0x36 [0177.929] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\db\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.932] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0177.932] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%\\Coinomi\\Coinomi\\wallets", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets") returned 0x3c [0177.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", lpFilePart=0x0) returned 0x3b [0177.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", lpFilePart=0x0) returned 0x3b [0177.932] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.935] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.935] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Electrum\\wallets", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets") returned 0x37 [0177.935] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x36 [0177.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.935] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x36 [0177.935] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\electrum\\wallets\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.938] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.938] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Ethereum\\wallets", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets") returned 0x37 [0177.938] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x36 [0177.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.939] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets", lpFilePart=0x0) returned 0x36 [0177.939] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ethereum\\wallets\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.941] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.941] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus\\exodus.wallet", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet") returned 0x3b [0177.941] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x3a [0177.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.942] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet", lpFilePart=0x0) returned 0x3a [0177.942] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\exodus.wallet\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.944] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.944] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus") returned 0x2d [0177.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x2c [0177.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus", lpFilePart=0x0) returned 0x2c [0177.945] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\*.json" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\exodus\\*.json"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.948] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.948] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Guarda", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda") returned 0x2d [0177.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x2c [0177.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda", lpFilePart=0x0) returned 0x2c [0177.949] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\guarda\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.953] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0177.953] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\com.liberty.jaxx", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx") returned 0x37 [0177.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x36 [0177.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx", lpFilePart=0x0) returned 0x36 [0177.953] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\com.liberty.jaxx\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.956] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0177.956] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents\\Monero\\wallets", lpDst=0x18ecf0, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets") returned 0x2f [0177.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x18e8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2e [0177.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ede8) returned 1 [0177.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets", nBufferLength=0x105, lpBuffer=0x18e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets", lpFilePart=0x0) returned 0x2e [0177.956] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\monero\\wallets\\*"), lpFindFileData=0x18eb10 | out: lpFindFileData=0x18eb10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0177.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edac) returned 1 [0177.973] CoCreateGuid (in: pguid=0x18ebd4 | out: pguid=0x18ebd4*(Data1=0xa9e914a5, Data2=0x107e, Data3=0x4a14, Data4=([0]=0x82, [1]=0x1d, [2]=0x37, [3]=0x23, [4]=0x3a, [5]=0x3a, [6]=0xd8, [7]=0x1e))) returned 0x0 [0177.973] CoCreateGuid (in: pguid=0x18eb14 | out: pguid=0x18eb14*(Data1=0xbc473b84, Data2=0xa380, Data3=0x4fe6, Data4=([0]=0xb4, [1]=0x3c, [2]=0x56, [3]=0x93, [4]=0xf8, [5]=0x93, [6]=0x9, [7]=0x8e))) returned 0x0 [0177.973] send (s=0x348, buf=0x839ad9f*, len=162, flags=0) returned 162 [0177.974] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 128 [0178.075] GetCurrentProcessId () returned 0x234 [0178.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x8293010, Length=0x20000, ResultLength=0x18edc4 | out: SystemInformation=0x8293010, ResultLength=0x18edc4*=0x157d8) returned 0x0 [0178.090] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18edac | out: puCount=0x18edac*=0x2) returned 0x0 [0178.090] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eda8*=0x0, pszText=0x0 | out: puBuffLength=0x18eda8*=0xf, pszText=0x0) returned 0x0 [0178.090] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18eda8*=0xf, pszText="00000000000000" | out: puBuffLength=0x18eda8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.090] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed34 | out: ppv=0x18ed34*=0xb71a3c) returned 0x0 [0178.090] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed2c | out: pAptType=0x18ed2c*=1) returned 0x0 [0178.090] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed30 | out: ppvObject=0x18ed30*=0x0) returned 0x80004002 [0178.090] IUnknown:Release (This=0xb71a3c) returned 0x0 [0178.092] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e940 | out: ppv=0x18e940*=0xe339490) returned 0x0 [0178.093] WbemLocator:IUnknown:QueryInterface (in: This=0xe339490, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb5c | out: ppvObject=0x18eb5c*=0x0) returned 0x80004002 [0178.093] WbemLocator:IClassFactory:CreateInstance (in: This=0xe339490, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb68 | out: ppvObject=0x18eb68*=0xc16568) returned 0x0 [0178.093] WbemLocator:IUnknown:Release (This=0xe339490) returned 0x0 [0178.093] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e78c | out: ppvObject=0x18e78c*=0xc16568) returned 0x0 [0178.093] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e748 | out: ppvObject=0x18e748*=0x0) returned 0x80004002 [0178.093] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e33c | out: ppvObject=0x18e33c*=0x0) returned 0x80004002 [0178.095] WbemLocator:IUnknown:AddRef (This=0xc16568) returned 0x3 [0178.095] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e09c | out: ppvObject=0x18e09c*=0x0) returned 0x80004002 [0178.095] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e04c | out: ppvObject=0x18e04c*=0x0) returned 0x80004002 [0178.095] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e058 | out: ppvObject=0x18e058*=0x0) returned 0x80004002 [0178.096] CoGetContextToken (in: pToken=0x18e0b8 | out: pToken=0x18e0b8) returned 0x0 [0178.096] CoGetObjectContext (in: riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xe33950c | out: ppv=0xe33950c*=0xb71a30) returned 0x0 [0178.096] CoGetContextToken (in: pToken=0x18e4c0 | out: pToken=0x18e4c0) returned 0x0 [0178.096] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e54c | out: ppvObject=0x18e54c*=0x0) returned 0x80004002 [0178.096] WbemLocator:IUnknown:Release (This=0xc16568) returned 0x2 [0178.096] WbemLocator:IUnknown:Release (This=0xc16568) returned 0x1 [0178.096] CoGetContextToken (in: pToken=0x18eb48 | out: pToken=0x18eb48) returned 0x0 [0178.096] CoGetContextToken (in: pToken=0x18eaa8 | out: pToken=0x18eaa8) returned 0x0 [0178.096] WbemLocator:IUnknown:QueryInterface (in: This=0xc16568, riid=0x18eb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb74 | out: ppvObject=0x18eb74*=0xc16568) returned 0x0 [0178.096] WbemLocator:IUnknown:AddRef (This=0xc16568) returned 0x3 [0178.096] WbemLocator:IUnknown:Release (This=0xc16568) returned 0x2 [0178.096] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed10 | out: puCount=0x18ed10*=0x2) returned 0x0 [0178.096] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ed0c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed0c*=0xf, pszText=0x0) returned 0x0 [0178.097] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=8, puBuffLength=0x18ed0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.097] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18ebe8 | out: ppv=0x18ebe8*=0xc16488) returned 0x0 [0178.097] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc16488, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec7c | out: ppNamespace=0x18ec7c*=0xc15698) returned 0x0 [0178.148] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb10 | out: ppvObject=0x18eb10*=0xbbf7dc) returned 0x0 [0178.148] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbf7dc, pProxy=0xc15698, pAuthnSvc=0x18eb60, pAuthzSvc=0x18eb5c, pServerPrincName=0x18eb54, pAuthnLevel=0x18eb58, pImpLevel=0x18eb48, pAuthInfo=0x18eb4c, pCapabilites=0x18eb50 | out: pAuthnSvc=0x18eb60*=0xa, pAuthzSvc=0x18eb5c*=0x0, pServerPrincName=0x18eb54, pAuthnLevel=0x18eb58*=0x6, pImpLevel=0x18eb48*=0x2, pAuthInfo=0x18eb4c, pCapabilites=0x18eb50*=0x1) returned 0x0 [0178.148] WbemLocator:IUnknown:Release (This=0xbbf7dc) returned 0x1 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb04 | out: ppvObject=0x18eb04*=0xbbf800) returned 0x0 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaf0 | out: ppvObject=0x18eaf0*=0xbbf7dc) returned 0x0 [0178.149] WbemLocator:IClientSecurity:SetBlanket (This=0xbbf7dc, pProxy=0xc15698, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.149] WbemLocator:IUnknown:Release (This=0xbbf7dc) returned 0x2 [0178.149] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x1 [0178.149] CoTaskMemFree (pv=0xe2f29d8) [0178.149] WbemLocator:IUnknown:Release (This=0xc16488) returned 0x0 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e700 | out: ppvObject=0x18e700*=0xbbf800) returned 0x0 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6bc | out: ppvObject=0x18e6bc*=0x0) returned 0x80004002 [0178.154] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e4dc | out: ppvObject=0x18e4dc*=0x0) returned 0x80004002 [0178.159] WbemLocator:IUnknown:QueryInterface (in: This=0xc15698, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2b4 | out: ppvObject=0x18e2b4*=0x0) returned 0x80004002 [0178.166] WbemLocator:IUnknown:AddRef (This=0xbbf800) returned 0x3 [0178.166] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0178.166] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0178.166] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dfd0 | out: ppvObject=0x18dfd0*=0xbbf75c) returned 0x0 [0178.167] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf75c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dfd8 | out: pCid=0x18dfd8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.167] WbemLocator:IUnknown:Release (This=0xbbf75c) returned 0x3 [0178.167] CoGetContextToken (in: pToken=0x18e030 | out: pToken=0x18e030) returned 0x0 [0178.167] CoGetContextToken (in: pToken=0x18e438 | out: pToken=0x18e438) returned 0x0 [0178.167] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4c4 | out: ppvObject=0x18e4c4*=0xbbf7e4) returned 0x0 [0178.167] WbemLocator:IRpcOptions:Query (in: This=0xbbf7e4, pPrx=0xbbf800, dwProperty=2, pdwValue=0x18e4d0 | out: pdwValue=0x18e4d0) returned 0x80004002 [0178.167] WbemLocator:IUnknown:Release (This=0xbbf7e4) returned 0x3 [0178.167] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x2 [0178.167] CoGetContextToken (in: pToken=0x18ea10 | out: pToken=0x18ea10) returned 0x0 [0178.167] CoGetContextToken (in: pToken=0x18e970 | out: pToken=0x18e970) returned 0x0 [0178.167] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x18ea40*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18ea3c | out: ppvObject=0x18ea3c*=0xc15698) returned 0x0 [0178.167] WbemLocator:IUnknown:AddRef (This=0xc15698) returned 0x4 [0178.167] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x3 [0178.167] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x2 [0178.167] SysStringLen (param_1=0x0) returned 0x0 [0178.167] CoGetContextToken (in: pToken=0x18ea18 | out: pToken=0x18ea18) returned 0x0 [0178.168] WbemLocator:IUnknown:AddRef (This=0xbbf800) returned 0x3 [0178.168] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf800, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8ac | out: ppvObject=0x18e8ac*=0xbbf800) returned 0x0 [0178.168] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x3 [0178.168] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x2 [0178.168] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0178.168] WbemLocator:IUnknown:AddRef (This=0xc15698) returned 0x3 [0178.168] IWbemServices:ExecQuery (in: This=0xc15698, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x18ed1c | out: ppEnum=0x18ed1c*=0xb7a498) returned 0x0 [0178.218] IUnknown:QueryInterface (in: This=0xb7a498, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb54 | out: ppvObject=0x18eb54*=0xb7a49c) returned 0x0 [0178.218] IClientSecurity:QueryBlanket (in: This=0xb7a49c, pProxy=0xb7a498, pAuthnSvc=0x18eba4, pAuthzSvc=0x18eba0, pServerPrincName=0x18eb98, pAuthnLevel=0x18eb9c, pImpLevel=0x18eb8c, pAuthInfo=0x18eb90, pCapabilites=0x18eb94 | out: pAuthnSvc=0x18eba4*=0xa, pAuthzSvc=0x18eba0*=0x0, pServerPrincName=0x18eb98, pAuthnLevel=0x18eb9c*=0x6, pImpLevel=0x18eb8c*=0x2, pAuthInfo=0x18eb90, pCapabilites=0x18eb94*=0x1) returned 0x0 [0178.219] IUnknown:Release (This=0xb7a49c) returned 0x1 [0178.219] IUnknown:QueryInterface (in: This=0xb7a498, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb48 | out: ppvObject=0x18eb48*=0xbbf600) returned 0x0 [0178.219] IUnknown:QueryInterface (in: This=0xb7a498, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb34 | out: ppvObject=0x18eb34*=0xb7a49c) returned 0x0 [0178.219] IClientSecurity:SetBlanket (This=0xb7a49c, pProxy=0xb7a498, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.376] IUnknown:Release (This=0xb7a49c) returned 0x2 [0178.376] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0178.376] CoTaskMemFree (pv=0xe2f2cd8) [0178.377] IUnknown:QueryInterface (in: This=0xb7a498, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e740 | out: ppvObject=0x18e740*=0xbbf600) returned 0x0 [0178.377] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6fc | out: ppvObject=0x18e6fc*=0x0) returned 0x80004002 [0178.377] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e51c | out: ppvObject=0x18e51c*=0x0) returned 0x80004002 [0178.378] IUnknown:QueryInterface (in: This=0xb7a498, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2f4 | out: ppvObject=0x18e2f4*=0x0) returned 0x80004002 [0178.378] WbemLocator:IUnknown:AddRef (This=0xbbf600) returned 0x3 [0178.378] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e054 | out: ppvObject=0x18e054*=0x0) returned 0x80004002 [0178.378] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e004 | out: ppvObject=0x18e004*=0x0) returned 0x80004002 [0178.378] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e010 | out: ppvObject=0x18e010*=0xbbf55c) returned 0x0 [0178.378] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf55c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e018 | out: pCid=0x18e018*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.378] WbemLocator:IUnknown:Release (This=0xbbf55c) returned 0x3 [0178.378] CoGetContextToken (in: pToken=0x18e070 | out: pToken=0x18e070) returned 0x0 [0178.379] CoGetContextToken (in: pToken=0x18e478 | out: pToken=0x18e478) returned 0x0 [0178.379] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0xbbf5e4) returned 0x0 [0178.379] WbemLocator:IRpcOptions:Query (in: This=0xbbf5e4, pPrx=0xbbf600, dwProperty=2, pdwValue=0x18e510 | out: pdwValue=0x18e510) returned 0x80004002 [0178.379] WbemLocator:IUnknown:Release (This=0xbbf5e4) returned 0x3 [0178.379] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x2 [0178.379] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0178.379] CoGetContextToken (in: pToken=0x18e9b0 | out: pToken=0x18e9b0) returned 0x0 [0178.379] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x18ea80*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea7c | out: ppvObject=0x18ea7c*=0xb7a498) returned 0x0 [0178.379] IUnknown:AddRef (This=0xb7a498) returned 0x4 [0178.379] IUnknown:Release (This=0xb7a498) returned 0x3 [0178.379] IUnknown:Release (This=0xb7a498) returned 0x2 [0178.379] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x2 [0178.379] SysStringLen (param_1=0x0) returned 0x0 [0178.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed68 | out: puCount=0x18ed68*=0x2) returned 0x0 [0178.379] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed64*=0x0, pszText=0x0 | out: puBuffLength=0x18ed64*=0xf, pszText=0x0) returned 0x0 [0178.379] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed64*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed64*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.379] CoGetContextToken (in: pToken=0x18ebb8 | out: pToken=0x18ebb8) returned 0x0 [0178.379] IUnknown:AddRef (This=0xb7a498) returned 0x3 [0178.380] IEnumWbemClassObject:Clone (in: This=0xb7a498, ppEnum=0x18ed74 | out: ppEnum=0x18ed74*=0xb7aa10) returned 0x0 [0178.381] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec30 | out: ppvObject=0x18ec30*=0xb7aa14) returned 0x0 [0178.381] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ec80, pAuthzSvc=0x18ec7c, pServerPrincName=0x18ec74, pAuthnLevel=0x18ec78, pImpLevel=0x18ec68, pAuthInfo=0x18ec6c, pCapabilites=0x18ec70 | out: pAuthnSvc=0x18ec80*=0xa, pAuthzSvc=0x18ec7c*=0x0, pServerPrincName=0x18ec74, pAuthnLevel=0x18ec78*=0x6, pImpLevel=0x18ec68*=0x2, pAuthInfo=0x18ec6c, pCapabilites=0x18ec70*=0x1) returned 0x0 [0178.381] IUnknown:Release (This=0xb7aa14) returned 0x1 [0178.381] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec24 | out: ppvObject=0x18ec24*=0xbbec00) returned 0x0 [0178.381] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ec10 | out: ppvObject=0x18ec10*=0xb7aa14) returned 0x0 [0178.381] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.382] IUnknown:Release (This=0xb7aa14) returned 0x2 [0178.382] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0178.382] CoTaskMemFree (pv=0xe2f2be8) [0178.383] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e80c | out: ppvObject=0x18e80c*=0xbbec00) returned 0x0 [0178.383] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e7c8 | out: ppvObject=0x18e7c8*=0x0) returned 0x80004002 [0178.453] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5e4 | out: ppvObject=0x18e5e4*=0x0) returned 0x80004002 [0178.454] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e3bc | out: ppvObject=0x18e3bc*=0x0) returned 0x80004002 [0178.455] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0178.455] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e11c | out: ppvObject=0x18e11c*=0x0) returned 0x80004002 [0178.455] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e0cc | out: ppvObject=0x18e0cc*=0x0) returned 0x80004002 [0178.455] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0d8 | out: ppvObject=0x18e0d8*=0xbbeb5c) returned 0x0 [0178.455] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbeb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0e0 | out: pCid=0x18e0e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.455] WbemLocator:IUnknown:Release (This=0xbbeb5c) returned 0x3 [0178.455] CoGetContextToken (in: pToken=0x18e138 | out: pToken=0x18e138) returned 0x0 [0178.456] CoGetContextToken (in: pToken=0x18e540 | out: pToken=0x18e540) returned 0x0 [0178.456] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e5cc | out: ppvObject=0x18e5cc*=0xbbebe4) returned 0x0 [0178.456] WbemLocator:IRpcOptions:Query (in: This=0xbbebe4, pPrx=0xbbec00, dwProperty=2, pdwValue=0x18e5d8 | out: pdwValue=0x18e5d8) returned 0x80004002 [0178.456] WbemLocator:IUnknown:Release (This=0xbbebe4) returned 0x3 [0178.456] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0178.456] CoGetContextToken (in: pToken=0x18eb20 | out: pToken=0x18eb20) returned 0x0 [0178.456] CoGetContextToken (in: pToken=0x18ea80 | out: pToken=0x18ea80) returned 0x0 [0178.456] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x18eb50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb4c | out: ppvObject=0x18eb4c*=0xb7aa10) returned 0x0 [0178.456] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0178.457] IUnknown:Release (This=0xb7aa10) returned 0x3 [0178.457] IUnknown:Release (This=0xb7aa10) returned 0x2 [0178.457] IUnknown:Release (This=0xb7a498) returned 0x2 [0178.457] SysStringLen (param_1=0x0) returned 0x0 [0178.457] IEnumWbemClassObject:Reset (This=0xb7aa10) returned 0x0 [0178.458] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0178.458] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6bb7a50 | out: apObjects=0xc16418*=0xbfc818, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.577] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xbfc818) returned 0x0 [0179.577] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.577] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.577] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.578] IUnknown:AddRef (This=0xbfc818) returned 0x3 [0179.578] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.578] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.578] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xbfc81c) returned 0x0 [0179.578] IMarshal:GetUnmarshalClass (in: This=0xbfc81c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.578] IUnknown:Release (This=0xbfc81c) returned 0x3 [0179.578] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.578] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.578] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.578] IUnknown:Release (This=0xbfc818) returned 0x2 [0179.578] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.578] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.578] IUnknown:QueryInterface (in: This=0xbfc818, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xbfc818) returned 0x0 [0179.579] IUnknown:AddRef (This=0xbfc818) returned 0x4 [0179.579] IUnknown:Release (This=0xbfc818) returned 0x3 [0179.579] IUnknown:Release (This=0xbfc818) returned 0x2 [0179.579] CoTaskMemFree (pv=0xc16418) [0179.579] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.579] IUnknown:AddRef (This=0xbfc818) returned 0x3 [0179.579] IWbemClassObject:Get (in: This=0xbfc818, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.579] IWbemClassObject:Get (in: This=0xbfc818, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.579] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"") returned 0x5c [0179.579] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"") returned 0x5c [0179.580] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.580] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.580] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.580] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.584] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16508) returned 0x0 [0179.584] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16508, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.584] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16508, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc2e90) returned 0x0 [0179.585] WbemDefPath:IUnknown:Release (This=0xc16508) returned 0x0 [0179.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc2e90) returned 0x0 [0179.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.585] WbemDefPath:IUnknown:AddRef (This=0xbc2e90) returned 0x3 [0179.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.585] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3396e8) returned 0x0 [0179.585] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3396e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.585] WbemDefPath:IUnknown:Release (This=0xe3396e8) returned 0x3 [0179.586] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.586] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.586] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.586] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x2 [0179.586] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x1 [0179.586] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.586] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.586] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2e90, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc2e90) returned 0x0 [0179.586] WbemDefPath:IUnknown:AddRef (This=0xbc2e90) returned 0x3 [0179.586] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x2 [0179.586] WbemDefPath:IWbemPath:SetText (This=0xbc2e90, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"452\"") returned 0x0 [0179.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.586] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.586] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.587] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.587] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.587] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.587] IWbemClassObject:Get (in: This=0xbfc818, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb83ec*=0, plFlavor=0x6bb83f0*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c4, varVal2=0x0), pType=0x6bb83ec*=19, plFlavor=0x6bb83f0*=0) returned 0x0 [0179.587] IWbemClassObject:Get (in: This=0xbfc818, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb83ec*=19, plFlavor=0x6bb83f0*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c4, varVal2=0x0), pType=0x6bb83ec*=19, plFlavor=0x6bb83f0*=0) returned 0x0 [0179.588] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.588] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.588] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.589] IWbemClassObject:Get (in: This=0xbfc818, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb8534*=0, plFlavor=0x6bb8538*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x6bb8534*=8, plFlavor=0x6bb8538*=0) returned 0x0 [0179.589] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0179.589] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0179.589] IWbemClassObject:Get (in: This=0xbfc818, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb8534*=8, plFlavor=0x6bb8538*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x6bb8534*=8, plFlavor=0x6bb8538*=0) returned 0x0 [0179.589] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0179.589] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0179.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.589] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.589] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.590] IWbemClassObject:Get (in: This=0xbfc818, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb86b0*=0, plFlavor=0x6bb86b4*=0 | out: pVal=0x18ed68*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb86b0*=8, plFlavor=0x6bb86b4*=32) returned 0x0 [0179.594] IWbemClassObject:Get (in: This=0xbfc818, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb86b0*=8, plFlavor=0x6bb86b4*=32 | out: pVal=0x18ed70*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb86b0*=8, plFlavor=0x6bb86b4*=32) returned 0x0 [0179.594] CoTaskMemAlloc (cb=0x4) returned 0xc164f8 [0179.595] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164f8, puReturned=0x6bb7a50 | out: apObjects=0xc164f8*=0xbfc350, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.596] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xbfc350) returned 0x0 [0179.596] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.596] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.596] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.596] IUnknown:AddRef (This=0xbfc350) returned 0x3 [0179.596] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.597] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.597] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xbfc354) returned 0x0 [0179.597] IMarshal:GetUnmarshalClass (in: This=0xbfc354, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.597] IUnknown:Release (This=0xbfc354) returned 0x3 [0179.597] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.597] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.597] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.597] IUnknown:Release (This=0xbfc350) returned 0x2 [0179.597] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.597] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.597] IUnknown:QueryInterface (in: This=0xbfc350, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xbfc350) returned 0x0 [0179.598] IUnknown:AddRef (This=0xbfc350) returned 0x4 [0179.598] IUnknown:Release (This=0xbfc350) returned 0x3 [0179.598] IUnknown:Release (This=0xbfc350) returned 0x2 [0179.598] CoTaskMemFree (pv=0xc164f8) [0179.598] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.598] IUnknown:AddRef (This=0xbfc350) returned 0x3 [0179.598] IWbemClassObject:Get (in: This=0xbfc350, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.598] IWbemClassObject:Get (in: This=0xbfc350, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.598] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"") returned 0x5c [0179.598] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"") returned 0x5c [0179.598] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.599] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.599] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.599] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.600] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16508) returned 0x0 [0179.600] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16508, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.600] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16508, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc33d0) returned 0x0 [0179.600] WbemDefPath:IUnknown:Release (This=0xc16508) returned 0x0 [0179.600] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc33d0) returned 0x0 [0179.600] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.601] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.601] WbemDefPath:IUnknown:AddRef (This=0xbc33d0) returned 0x3 [0179.601] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.601] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.601] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339838) returned 0x0 [0179.601] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339838, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.601] WbemDefPath:IUnknown:Release (This=0xe339838) returned 0x3 [0179.601] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.601] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.601] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.601] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x2 [0179.601] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x1 [0179.602] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.602] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.602] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc33d0, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc33d0) returned 0x0 [0179.602] WbemDefPath:IUnknown:AddRef (This=0xbc33d0) returned 0x3 [0179.602] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x2 [0179.602] WbemDefPath:IWbemPath:SetText (This=0xbc33d0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"504\"") returned 0x0 [0179.602] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.602] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.602] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.602] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.602] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.602] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.602] IWbemClassObject:Get (in: This=0xbfc350, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9014*=0, plFlavor=0x6bb9018*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f8, varVal2=0x0), pType=0x6bb9014*=19, plFlavor=0x6bb9018*=0) returned 0x0 [0179.603] IWbemClassObject:Get (in: This=0xbfc350, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9014*=19, plFlavor=0x6bb9018*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f8, varVal2=0x0), pType=0x6bb9014*=19, plFlavor=0x6bb9018*=0) returned 0x0 [0179.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.603] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.603] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.603] IWbemClassObject:Get (in: This=0xbfc350, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb915c*=0, plFlavor=0x6bb9160*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x6bb915c*=8, plFlavor=0x6bb9160*=0) returned 0x0 [0179.603] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.603] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.604] IWbemClassObject:Get (in: This=0xbfc350, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb915c*=8, plFlavor=0x6bb9160*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x6bb915c*=8, plFlavor=0x6bb9160*=0) returned 0x0 [0179.604] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.604] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.604] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.604] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.604] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.604] IWbemClassObject:Get (in: This=0xbfc350, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb92e8*=0, plFlavor=0x6bb92ec*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x6bb92e8*=8, plFlavor=0x6bb92ec*=0) returned 0x0 [0179.604] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.604] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.605] IWbemClassObject:Get (in: This=0xbfc350, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb92e8*=8, plFlavor=0x6bb92ec*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x6bb92e8*=8, plFlavor=0x6bb92ec*=0) returned 0x0 [0179.605] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.605] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0179.605] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0179.605] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6bb7a50 | out: apObjects=0xc16468*=0xbfc4e8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.606] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xbfc4e8) returned 0x0 [0179.606] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.606] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.606] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.607] IUnknown:AddRef (This=0xbfc4e8) returned 0x3 [0179.607] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.607] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.607] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xbfc4ec) returned 0x0 [0179.607] IMarshal:GetUnmarshalClass (in: This=0xbfc4ec, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.607] IUnknown:Release (This=0xbfc4ec) returned 0x3 [0179.607] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.607] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.607] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.608] IUnknown:Release (This=0xbfc4e8) returned 0x2 [0179.608] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.608] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.608] IUnknown:QueryInterface (in: This=0xbfc4e8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xbfc4e8) returned 0x0 [0179.608] IUnknown:AddRef (This=0xbfc4e8) returned 0x4 [0179.608] IUnknown:Release (This=0xbfc4e8) returned 0x3 [0179.608] IUnknown:Release (This=0xbfc4e8) returned 0x2 [0179.608] CoTaskMemFree (pv=0xc16468) [0179.608] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.608] IUnknown:AddRef (This=0xbfc4e8) returned 0x3 [0179.608] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.608] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.608] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"") returned 0x5c [0179.608] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"") returned 0x5c [0179.609] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.609] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.609] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.609] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.610] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0179.610] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.610] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc2f70) returned 0x0 [0179.610] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0179.610] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc2f70) returned 0x0 [0179.610] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.611] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.611] WbemDefPath:IUnknown:AddRef (This=0xbc2f70) returned 0x3 [0179.611] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.611] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.611] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339898) returned 0x0 [0179.611] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339898, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.611] WbemDefPath:IUnknown:Release (This=0xe339898) returned 0x3 [0179.611] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.611] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.611] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.611] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x2 [0179.612] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x1 [0179.612] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.612] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.612] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2f70, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc2f70) returned 0x0 [0179.612] WbemDefPath:IUnknown:AddRef (This=0xbc2f70) returned 0x3 [0179.612] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x2 [0179.612] WbemDefPath:IWbemPath:SetText (This=0xbc2f70, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"808\"") returned 0x0 [0179.612] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.612] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.658] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.659] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.659] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.659] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9ca0*=0, plFlavor=0x6bb9ca4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x328, varVal2=0x0), pType=0x6bb9ca0*=19, plFlavor=0x6bb9ca4*=0) returned 0x0 [0179.659] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9ca0*=19, plFlavor=0x6bb9ca4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x328, varVal2=0x0), pType=0x6bb9ca0*=19, plFlavor=0x6bb9ca4*=0) returned 0x0 [0179.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.660] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.660] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.660] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9de8*=0, plFlavor=0x6bb9dec*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x6bb9de8*=8, plFlavor=0x6bb9dec*=0) returned 0x0 [0179.662] SysStringByteLen (bstr="dwm.exe") returned 0xe [0179.662] SysStringByteLen (bstr="dwm.exe") returned 0xe [0179.663] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9de8*=8, plFlavor=0x6bb9dec*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x6bb9de8*=8, plFlavor=0x6bb9dec*=0) returned 0x0 [0179.663] SysStringByteLen (bstr="dwm.exe") returned 0xe [0179.663] SysStringByteLen (bstr="dwm.exe") returned 0xe [0179.663] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.663] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.663] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.664] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9f5c*=0, plFlavor=0x6bb9f60*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"dwm.exe\"", varVal2=0x0), pType=0x6bb9f5c*=8, plFlavor=0x6bb9f60*=0) returned 0x0 [0179.664] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0179.664] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0179.664] IWbemClassObject:Get (in: This=0xbfc4e8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bb9f5c*=8, plFlavor=0x6bb9f60*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"dwm.exe\"", varVal2=0x0), pType=0x6bb9f5c*=8, plFlavor=0x6bb9f60*=0) returned 0x0 [0179.664] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0179.664] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0179.664] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0179.664] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6bb7a50 | out: apObjects=0xc163d8*=0xbfc680, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.665] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xbfc680) returned 0x0 [0179.666] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.666] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.666] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.666] IUnknown:AddRef (This=0xbfc680) returned 0x3 [0179.666] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.666] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.666] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xbfc684) returned 0x0 [0179.666] IMarshal:GetUnmarshalClass (in: This=0xbfc684, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.666] IUnknown:Release (This=0xbfc684) returned 0x3 [0179.666] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.666] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.667] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.667] IUnknown:Release (This=0xbfc680) returned 0x2 [0179.667] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.667] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.667] IUnknown:QueryInterface (in: This=0xbfc680, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xbfc680) returned 0x0 [0179.667] IUnknown:AddRef (This=0xbfc680) returned 0x4 [0179.667] IUnknown:Release (This=0xbfc680) returned 0x3 [0179.667] IUnknown:Release (This=0xbfc680) returned 0x2 [0179.667] CoTaskMemFree (pv=0xc163d8) [0179.667] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.667] IUnknown:AddRef (This=0xbfc680) returned 0x3 [0179.667] IWbemClassObject:Get (in: This=0xbfc680, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.667] IWbemClassObject:Get (in: This=0xbfc680, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.668] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"") returned 0x5e [0179.668] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"") returned 0x5e [0179.668] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.668] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.668] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.668] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.669] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163d8) returned 0x0 [0179.669] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.669] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc2fe0) returned 0x0 [0179.670] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0179.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc2fe0) returned 0x0 [0179.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.670] WbemDefPath:IUnknown:AddRef (This=0xbc2fe0) returned 0x3 [0179.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.670] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339b20) returned 0x0 [0179.670] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339b20, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.670] WbemDefPath:IUnknown:Release (This=0xe339b20) returned 0x3 [0179.670] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.671] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.671] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.671] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x2 [0179.671] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x1 [0179.671] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.671] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.671] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc2fe0, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc2fe0) returned 0x0 [0179.671] WbemDefPath:IUnknown:AddRef (This=0xbc2fe0) returned 0x3 [0179.671] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x2 [0179.671] WbemDefPath:IWbemPath:SetText (This=0xbc2fe0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1408\"") returned 0x0 [0179.671] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.671] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.671] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.672] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.672] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.672] IWbemClassObject:Get (in: This=0xbfc680, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bba8f4*=0, plFlavor=0x6bba8f8*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x580, varVal2=0x0), pType=0x6bba8f4*=19, plFlavor=0x6bba8f8*=0) returned 0x0 [0179.672] IWbemClassObject:Get (in: This=0xbfc680, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bba8f4*=19, plFlavor=0x6bba8f8*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x580, varVal2=0x0), pType=0x6bba8f4*=19, plFlavor=0x6bba8f8*=0) returned 0x0 [0179.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.672] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.672] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.673] IWbemClassObject:Get (in: This=0xbfc680, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbaa40*=0, plFlavor=0x6bbaa44*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x6bbaa40*=8, plFlavor=0x6bbaa44*=0) returned 0x0 [0179.673] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.673] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.673] IWbemClassObject:Get (in: This=0xbfc680, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbaa40*=8, plFlavor=0x6bbaa44*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x6bbaa40*=8, plFlavor=0x6bbaa44*=0) returned 0x0 [0179.673] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.673] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.673] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.674] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.674] IWbemClassObject:Get (in: This=0xbfc680, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbabc4*=0, plFlavor=0x6bbabc8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x6bbabc4*=8, plFlavor=0x6bbabc8*=0) returned 0x0 [0179.674] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.674] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.674] IWbemClassObject:Get (in: This=0xbfc680, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbabc4*=8, plFlavor=0x6bbabc8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x6bbabc4*=8, plFlavor=0x6bbabc8*=0) returned 0x0 [0179.674] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.674] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0179.674] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0179.674] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6bb7a50 | out: apObjects=0xc163d8*=0xe30d528, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.675] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d528) returned 0x0 [0179.676] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.676] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.678] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.678] IUnknown:AddRef (This=0xe30d528) returned 0x3 [0179.678] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.678] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.678] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d52c) returned 0x0 [0179.678] IMarshal:GetUnmarshalClass (in: This=0xe30d52c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.679] IUnknown:Release (This=0xe30d52c) returned 0x3 [0179.679] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.679] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.679] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.679] IUnknown:Release (This=0xe30d528) returned 0x2 [0179.679] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.679] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.679] IUnknown:QueryInterface (in: This=0xe30d528, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d528) returned 0x0 [0179.679] IUnknown:AddRef (This=0xe30d528) returned 0x4 [0179.679] IUnknown:Release (This=0xe30d528) returned 0x3 [0179.679] IUnknown:Release (This=0xe30d528) returned 0x2 [0179.679] CoTaskMemFree (pv=0xc163d8) [0179.679] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.679] IUnknown:AddRef (This=0xe30d528) returned 0x3 [0179.680] IWbemClassObject:Get (in: This=0xe30d528, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.680] IWbemClassObject:Get (in: This=0xe30d528, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.680] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"") returned 0x5e [0179.680] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"") returned 0x5e [0179.680] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.680] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.680] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.680] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.681] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.682] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc3050) returned 0x0 [0179.682] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc3050) returned 0x0 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.682] WbemDefPath:IUnknown:AddRef (This=0xbc3050) returned 0x3 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.682] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339b98) returned 0x0 [0179.683] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339b98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.683] WbemDefPath:IUnknown:Release (This=0xe339b98) returned 0x3 [0179.683] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.683] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.683] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.683] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x2 [0179.683] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x1 [0179.683] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.683] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.683] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3050, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc3050) returned 0x0 [0179.683] WbemDefPath:IUnknown:AddRef (This=0xbc3050) returned 0x3 [0179.683] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x2 [0179.683] WbemDefPath:IWbemPath:SetText (This=0xbc3050, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1588\"") returned 0x0 [0179.683] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.683] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.683] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.684] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.684] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.684] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.684] IWbemClassObject:Get (in: This=0xe30d528, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbb56c*=0, plFlavor=0x6bbb570*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x634, varVal2=0x0), pType=0x6bbb56c*=19, plFlavor=0x6bbb570*=0) returned 0x0 [0179.684] IWbemClassObject:Get (in: This=0xe30d528, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbb56c*=19, plFlavor=0x6bbb570*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x634, varVal2=0x0), pType=0x6bbb56c*=19, plFlavor=0x6bbb570*=0) returned 0x0 [0179.685] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.685] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.685] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.685] IWbemClassObject:Get (in: This=0xe30d528, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbb6b8*=0, plFlavor=0x6bbb6bc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x6bbb6b8*=8, plFlavor=0x6bbb6bc*=0) returned 0x0 [0179.685] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0179.685] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0179.685] IWbemClassObject:Get (in: This=0xe30d528, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbb6b8*=8, plFlavor=0x6bbb6bc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x6bbb6b8*=8, plFlavor=0x6bbb6bc*=0) returned 0x0 [0179.685] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0179.685] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0179.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.686] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.686] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.686] IWbemClassObject:Get (in: This=0xe30d528, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbb854*=0, plFlavor=0x6bbb858*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x6bbb854*=8, plFlavor=0x6bbb858*=0) returned 0x0 [0179.686] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0179.686] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0179.686] IWbemClassObject:Get (in: This=0xe30d528, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbb854*=8, plFlavor=0x6bbb858*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x6bbb854*=8, plFlavor=0x6bbb858*=0) returned 0x0 [0179.686] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0179.686] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0179.686] CoTaskMemAlloc (cb=0x4) returned 0xc163d8 [0179.686] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163d8, puReturned=0x6bb7a50 | out: apObjects=0xc163d8*=0xe30ca00, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.688] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30ca00) returned 0x0 [0179.688] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.688] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.688] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.688] IUnknown:AddRef (This=0xe30ca00) returned 0x3 [0179.688] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.688] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.689] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30ca04) returned 0x0 [0179.689] IMarshal:GetUnmarshalClass (in: This=0xe30ca04, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.689] IUnknown:Release (This=0xe30ca04) returned 0x3 [0179.689] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.689] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.689] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.689] IUnknown:Release (This=0xe30ca00) returned 0x2 [0179.689] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.689] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.689] IUnknown:QueryInterface (in: This=0xe30ca00, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30ca00) returned 0x0 [0179.689] IUnknown:AddRef (This=0xe30ca00) returned 0x4 [0179.689] IUnknown:Release (This=0xe30ca00) returned 0x3 [0179.689] IUnknown:Release (This=0xe30ca00) returned 0x2 [0179.689] CoTaskMemFree (pv=0xc163d8) [0179.689] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.690] IUnknown:AddRef (This=0xe30ca00) returned 0x3 [0179.690] IWbemClassObject:Get (in: This=0xe30ca00, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.690] IWbemClassObject:Get (in: This=0xe30ca00, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.690] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"") returned 0x5e [0179.690] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"") returned 0x5e [0179.690] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.691] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.691] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.691] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.694] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163d8) returned 0x0 [0179.694] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163d8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.694] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163d8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc31a0) returned 0x0 [0179.695] WbemDefPath:IUnknown:Release (This=0xc163d8) returned 0x0 [0179.695] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc31a0) returned 0x0 [0179.695] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.695] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.695] WbemDefPath:IUnknown:AddRef (This=0xbc31a0) returned 0x3 [0179.695] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.695] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.695] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339f10) returned 0x0 [0179.695] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339f10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.695] WbemDefPath:IUnknown:Release (This=0xe339f10) returned 0x3 [0179.695] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.696] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.696] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.696] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x2 [0179.696] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x1 [0179.696] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.696] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.696] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc31a0, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc31a0) returned 0x0 [0179.696] WbemDefPath:IUnknown:AddRef (This=0xbc31a0) returned 0x3 [0179.696] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x2 [0179.696] WbemDefPath:IWbemPath:SetText (This=0xbc31a0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2024\"") returned 0x0 [0179.696] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.696] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.696] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.697] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.697] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.697] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.697] IWbemClassObject:Get (in: This=0xe30ca00, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbc31c*=0, plFlavor=0x6bbc320*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7e8, varVal2=0x0), pType=0x6bbc31c*=19, plFlavor=0x6bbc320*=0) returned 0x0 [0179.697] IWbemClassObject:Get (in: This=0xe30ca00, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbc31c*=19, plFlavor=0x6bbc320*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7e8, varVal2=0x0), pType=0x6bbc31c*=19, plFlavor=0x6bbc320*=0) returned 0x0 [0179.697] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.697] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.697] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.698] IWbemClassObject:Get (in: This=0xe30ca00, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbc468*=0, plFlavor=0x6bbc46c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x6bbc468*=8, plFlavor=0x6bbc46c*=0) returned 0x0 [0179.698] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0179.698] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0179.698] IWbemClassObject:Get (in: This=0xe30ca00, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbc468*=8, plFlavor=0x6bbc46c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x6bbc468*=8, plFlavor=0x6bbc46c*=0) returned 0x0 [0179.698] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0179.698] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0179.698] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.698] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.698] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.699] IWbemClassObject:Get (in: This=0xe30ca00, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbc5f4*=0, plFlavor=0x6bbc5f8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\Explorer.EXE", varVal2=0x0), pType=0x6bbc5f4*=8, plFlavor=0x6bbc5f8*=0) returned 0x0 [0179.699] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0179.699] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0179.699] IWbemClassObject:Get (in: This=0xe30ca00, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbc5f4*=8, plFlavor=0x6bbc5f8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\Explorer.EXE", varVal2=0x0), pType=0x6bbc5f4*=8, plFlavor=0x6bbc5f8*=0) returned 0x0 [0179.699] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0179.699] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0179.699] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0179.699] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe30bed8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.700] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30bed8) returned 0x0 [0179.700] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.700] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.700] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.701] IUnknown:AddRef (This=0xe30bed8) returned 0x3 [0179.701] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.701] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.701] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30bedc) returned 0x0 [0179.701] IMarshal:GetUnmarshalClass (in: This=0xe30bedc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.701] IUnknown:Release (This=0xe30bedc) returned 0x3 [0179.701] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.701] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.701] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.701] IUnknown:Release (This=0xe30bed8) returned 0x2 [0179.701] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.701] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.701] IUnknown:QueryInterface (in: This=0xe30bed8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30bed8) returned 0x0 [0179.701] IUnknown:AddRef (This=0xe30bed8) returned 0x4 [0179.701] IUnknown:Release (This=0xe30bed8) returned 0x3 [0179.702] IUnknown:Release (This=0xe30bed8) returned 0x2 [0179.702] CoTaskMemFree (pv=0xc16588) [0179.702] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.702] IUnknown:AddRef (This=0xe30bed8) returned 0x3 [0179.702] IWbemClassObject:Get (in: This=0xe30bed8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.702] IWbemClassObject:Get (in: This=0xe30bed8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.702] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"") returned 0x5c [0179.702] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"") returned 0x5c [0179.702] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.702] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.702] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.703] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.707] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16468) returned 0x0 [0179.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.707] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16468, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc30c0) returned 0x0 [0179.707] WbemDefPath:IUnknown:Release (This=0xc16468) returned 0x0 [0179.707] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc30c0) returned 0x0 [0179.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.708] WbemDefPath:IUnknown:AddRef (This=0xbc30c0) returned 0x3 [0179.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339dd8) returned 0x0 [0179.708] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339dd8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.708] WbemDefPath:IUnknown:Release (This=0xe339dd8) returned 0x3 [0179.708] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.708] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.708] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.708] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x2 [0179.709] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x1 [0179.709] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.709] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.709] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc30c0, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc30c0) returned 0x0 [0179.709] WbemDefPath:IUnknown:AddRef (This=0xbc30c0) returned 0x3 [0179.709] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x2 [0179.709] WbemDefPath:IWbemPath:SetText (This=0xbc30c0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"736\"") returned 0x0 [0179.709] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.709] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.709] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.709] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.709] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.709] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.710] IWbemClassObject:Get (in: This=0xe30bed8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbcfec*=0, plFlavor=0x6bbcff0*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2e0, varVal2=0x0), pType=0x6bbcfec*=19, plFlavor=0x6bbcff0*=0) returned 0x0 [0179.710] IWbemClassObject:Get (in: This=0xe30bed8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbcfec*=19, plFlavor=0x6bbcff0*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2e0, varVal2=0x0), pType=0x6bbcfec*=19, plFlavor=0x6bbcff0*=0) returned 0x0 [0179.710] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.710] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.710] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.710] IWbemClassObject:Get (in: This=0xe30bed8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbd134*=0, plFlavor=0x6bbd138*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x6bbd134*=8, plFlavor=0x6bbd138*=0) returned 0x0 [0179.710] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0179.710] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0179.711] IWbemClassObject:Get (in: This=0xe30bed8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbd134*=8, plFlavor=0x6bbd138*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x6bbd134*=8, plFlavor=0x6bbd138*=0) returned 0x0 [0179.711] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0179.711] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0179.711] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.711] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.711] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.711] IWbemClassObject:Get (in: This=0xe30bed8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbd2c0*=0, plFlavor=0x6bbd2c4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", varVal2=0x0), pType=0x6bbd2c0*=8, plFlavor=0x6bbd2c4*=0) returned 0x0 [0179.711] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0179.711] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0179.712] IWbemClassObject:Get (in: This=0xe30bed8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbd2c0*=8, plFlavor=0x6bbd2c4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", varVal2=0x0), pType=0x6bbd2c0*=8, plFlavor=0x6bbd2c4*=0) returned 0x0 [0179.712] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0179.712] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0179.712] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0179.712] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30cb98, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.713] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30cb98) returned 0x0 [0179.713] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.713] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.713] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.713] IUnknown:AddRef (This=0xe30cb98) returned 0x3 [0179.713] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.713] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.714] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30cb9c) returned 0x0 [0179.714] IMarshal:GetUnmarshalClass (in: This=0xe30cb9c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.714] IUnknown:Release (This=0xe30cb9c) returned 0x3 [0179.714] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.714] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.714] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.714] IUnknown:Release (This=0xe30cb98) returned 0x2 [0179.714] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.714] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.714] IUnknown:QueryInterface (in: This=0xe30cb98, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30cb98) returned 0x0 [0179.714] IUnknown:AddRef (This=0xe30cb98) returned 0x4 [0179.714] IUnknown:Release (This=0xe30cb98) returned 0x3 [0179.714] IUnknown:Release (This=0xe30cb98) returned 0x2 [0179.714] CoTaskMemFree (pv=0xc16518) [0179.715] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.715] IUnknown:AddRef (This=0xe30cb98) returned 0x3 [0179.715] IWbemClassObject:Get (in: This=0xe30cb98, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.715] IWbemClassObject:Get (in: This=0xe30cb98, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.715] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x5e [0179.715] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x5e [0179.715] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.715] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.715] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.715] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.716] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc164b8) returned 0x0 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.717] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc3210) returned 0x0 [0179.717] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc3210) returned 0x0 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.717] WbemDefPath:IUnknown:AddRef (This=0xbc3210) returned 0x3 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.717] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a120) returned 0x0 [0179.718] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a120, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.718] WbemDefPath:IUnknown:Release (This=0xe33a120) returned 0x3 [0179.718] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.718] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.718] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.718] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x2 [0179.718] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x1 [0179.718] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.718] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.718] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3210, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc3210) returned 0x0 [0179.718] WbemDefPath:IUnknown:AddRef (This=0xbc3210) returned 0x3 [0179.718] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x2 [0179.719] WbemDefPath:IWbemPath:SetText (This=0xbc3210, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2260\"") returned 0x0 [0179.719] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.719] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.719] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.719] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.719] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.719] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.719] IWbemClassObject:Get (in: This=0xe30cb98, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbdd68*=0, plFlavor=0x6bbdd6c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8d4, varVal2=0x0), pType=0x6bbdd68*=19, plFlavor=0x6bbdd6c*=0) returned 0x0 [0179.719] IWbemClassObject:Get (in: This=0xe30cb98, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbdd68*=19, plFlavor=0x6bbdd6c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8d4, varVal2=0x0), pType=0x6bbdd68*=19, plFlavor=0x6bbdd6c*=0) returned 0x0 [0179.720] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.720] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.720] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.720] IWbemClassObject:Get (in: This=0xe30cb98, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbdeb4*=0, plFlavor=0x6bbdeb8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x6bbdeb4*=8, plFlavor=0x6bbdeb8*=0) returned 0x0 [0179.720] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0179.720] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0179.720] IWbemClassObject:Get (in: This=0xe30cb98, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbdeb4*=8, plFlavor=0x6bbdeb8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x6bbdeb4*=8, plFlavor=0x6bbdeb8*=0) returned 0x0 [0179.720] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0179.721] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0179.721] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.721] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.721] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.721] IWbemClassObject:Get (in: This=0xe30cb98, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbe068*=0, plFlavor=0x6bbe06c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca", varVal2=0x0), pType=0x6bbe068*=8, plFlavor=0x6bbe06c*=0) returned 0x0 [0179.721] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0179.721] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0179.721] IWbemClassObject:Get (in: This=0xe30cb98, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbe068*=8, plFlavor=0x6bbe06c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca", varVal2=0x0), pType=0x6bbe068*=8, plFlavor=0x6bbe06c*=0) returned 0x0 [0179.769] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0179.769] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0179.769] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0179.769] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30d1f8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.772] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d1f8) returned 0x0 [0179.772] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.772] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.773] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.773] IUnknown:AddRef (This=0xe30d1f8) returned 0x3 [0179.773] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.773] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.773] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d1fc) returned 0x0 [0179.773] IMarshal:GetUnmarshalClass (in: This=0xe30d1fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.773] IUnknown:Release (This=0xe30d1fc) returned 0x3 [0179.773] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.773] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.773] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.773] IUnknown:Release (This=0xe30d1f8) returned 0x2 [0179.773] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.774] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.774] IUnknown:QueryInterface (in: This=0xe30d1f8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d1f8) returned 0x0 [0179.774] IUnknown:AddRef (This=0xe30d1f8) returned 0x4 [0179.774] IUnknown:Release (This=0xe30d1f8) returned 0x3 [0179.774] IUnknown:Release (This=0xe30d1f8) returned 0x2 [0179.774] CoTaskMemFree (pv=0xc16518) [0179.774] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.774] IUnknown:AddRef (This=0xe30d1f8) returned 0x3 [0179.774] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.774] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.774] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"") returned 0x5e [0179.774] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"") returned 0x5e [0179.775] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.775] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.775] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.775] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.776] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16418) returned 0x0 [0179.776] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.776] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16418, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc3360) returned 0x0 [0179.776] WbemDefPath:IUnknown:Release (This=0xc16418) returned 0x0 [0179.776] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc3360) returned 0x0 [0179.776] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.777] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.777] WbemDefPath:IUnknown:AddRef (This=0xbc3360) returned 0x3 [0179.777] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.777] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.777] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a060) returned 0x0 [0179.777] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a060, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.777] WbemDefPath:IUnknown:Release (This=0xe33a060) returned 0x3 [0179.777] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.777] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.777] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.777] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x2 [0179.777] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x1 [0179.778] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.778] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.778] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3360, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc3360) returned 0x0 [0179.778] WbemDefPath:IUnknown:AddRef (This=0xbc3360) returned 0x3 [0179.778] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x2 [0179.778] WbemDefPath:IWbemPath:SetText (This=0xbc3360, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2356\"") returned 0x0 [0179.778] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.778] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.778] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.778] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.778] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.778] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.778] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbed2c*=0, plFlavor=0x6bbed30*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x934, varVal2=0x0), pType=0x6bbed2c*=19, plFlavor=0x6bbed30*=0) returned 0x0 [0179.779] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbed2c*=19, plFlavor=0x6bbed30*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x934, varVal2=0x0), pType=0x6bbed2c*=19, plFlavor=0x6bbed30*=0) returned 0x0 [0179.779] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.779] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.779] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.779] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbee78*=0, plFlavor=0x6bbee7c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchUI.exe", varVal2=0x0), pType=0x6bbee78*=8, plFlavor=0x6bbee7c*=0) returned 0x0 [0179.779] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0179.779] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0179.780] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbee78*=8, plFlavor=0x6bbee7c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchUI.exe", varVal2=0x0), pType=0x6bbee78*=8, plFlavor=0x6bbee7c*=0) returned 0x0 [0179.780] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0179.780] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0179.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.780] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.780] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.780] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbf004*=0, plFlavor=0x6bbf008*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca", varVal2=0x0), pType=0x6bbf004*=8, plFlavor=0x6bbf008*=0) returned 0x0 [0179.780] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca") returned 0x116 [0179.780] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca") returned 0x116 [0179.781] IWbemClassObject:Get (in: This=0xe30d1f8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbf004*=8, plFlavor=0x6bbf008*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca", varVal2=0x0), pType=0x6bbf004*=8, plFlavor=0x6bbf008*=0) returned 0x0 [0179.781] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca") returned 0x116 [0179.781] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca") returned 0x116 [0179.781] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0179.781] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe30cec8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.834] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30cec8) returned 0x0 [0179.834] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.835] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.835] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.835] IUnknown:AddRef (This=0xe30cec8) returned 0x3 [0179.835] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.835] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.835] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30cecc) returned 0x0 [0179.835] IMarshal:GetUnmarshalClass (in: This=0xe30cecc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.835] IUnknown:Release (This=0xe30cecc) returned 0x3 [0179.835] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.835] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.835] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.836] IUnknown:Release (This=0xe30cec8) returned 0x2 [0179.836] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.836] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.836] IUnknown:QueryInterface (in: This=0xe30cec8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30cec8) returned 0x0 [0179.836] IUnknown:AddRef (This=0xe30cec8) returned 0x4 [0179.836] IUnknown:Release (This=0xe30cec8) returned 0x3 [0179.836] IUnknown:Release (This=0xe30cec8) returned 0x2 [0179.836] CoTaskMemFree (pv=0xc16588) [0179.836] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.836] IUnknown:AddRef (This=0xe30cec8) returned 0x3 [0179.836] IWbemClassObject:Get (in: This=0xe30cec8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.836] IWbemClassObject:Get (in: This=0xe30cec8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.837] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"") returned 0x58 [0179.837] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"") returned 0x58 [0179.837] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.837] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.837] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.837] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.838] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0179.838] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.838] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xbc3280) returned 0x0 [0179.839] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0179.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xbc3280) returned 0x0 [0179.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.839] WbemDefPath:IUnknown:AddRef (This=0xbc3280) returned 0x3 [0179.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.839] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a5e8) returned 0x0 [0179.839] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a5e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.839] WbemDefPath:IUnknown:Release (This=0xe33a5e8) returned 0x3 [0179.839] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.839] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.840] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.840] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x2 [0179.840] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x1 [0179.840] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.840] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.840] WbemDefPath:IUnknown:QueryInterface (in: This=0xbc3280, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xbc3280) returned 0x0 [0179.840] WbemDefPath:IUnknown:AddRef (This=0xbc3280) returned 0x3 [0179.840] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x2 [0179.840] WbemDefPath:IWbemPath:SetText (This=0xbc3280, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"8\"") returned 0x0 [0179.840] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.840] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.840] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.841] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.841] IWbemClassObject:Get (in: This=0xe30cec8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbfcfc*=0, plFlavor=0x6bbfd00*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), pType=0x6bbfcfc*=19, plFlavor=0x6bbfd00*=0) returned 0x0 [0179.841] IWbemClassObject:Get (in: This=0xe30cec8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbfcfc*=19, plFlavor=0x6bbfd00*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), pType=0x6bbfcfc*=19, plFlavor=0x6bbfd00*=0) returned 0x0 [0179.841] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.841] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.842] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.842] IWbemClassObject:Get (in: This=0xe30cec8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbfe40*=0, plFlavor=0x6bbfe44*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x6bbfe40*=8, plFlavor=0x6bbfe44*=0) returned 0x0 [0179.842] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0179.842] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0179.842] IWbemClassObject:Get (in: This=0xe30cec8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbfe40*=8, plFlavor=0x6bbfe44*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x6bbfe40*=8, plFlavor=0x6bbfe44*=0) returned 0x0 [0179.842] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0179.842] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0179.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.843] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.843] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.843] IWbemClassObject:Get (in: This=0xe30cec8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbffc4*=0, plFlavor=0x6bbffc8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup", varVal2=0x0), pType=0x6bbffc4*=8, plFlavor=0x6bbffc8*=0) returned 0x0 [0179.843] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0179.843] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0179.843] IWbemClassObject:Get (in: This=0xe30cec8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bbffc4*=8, plFlavor=0x6bbffc8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup", varVal2=0x0), pType=0x6bbffc4*=8, plFlavor=0x6bbffc8*=0) returned 0x0 [0179.843] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0179.843] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0179.843] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0179.843] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30cd30, puReturned=0x6bb7a50*=0x1) returned 0x0 [0179.844] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30cd30) returned 0x0 [0179.845] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0179.845] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0179.845] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0179.845] IUnknown:AddRef (This=0xe30cd30) returned 0x3 [0179.845] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0179.845] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0179.845] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30cd34) returned 0x0 [0179.845] IMarshal:GetUnmarshalClass (in: This=0xe30cd34, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0179.845] IUnknown:Release (This=0xe30cd34) returned 0x3 [0179.845] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0179.846] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0179.846] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0179.846] IUnknown:Release (This=0xe30cd30) returned 0x2 [0179.846] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0179.846] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0179.846] IUnknown:QueryInterface (in: This=0xe30cd30, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30cd30) returned 0x0 [0179.846] IUnknown:AddRef (This=0xe30cd30) returned 0x4 [0179.846] IUnknown:Release (This=0xe30cd30) returned 0x3 [0179.846] IUnknown:Release (This=0xe30cd30) returned 0x2 [0179.846] CoTaskMemFree (pv=0xc16518) [0179.846] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0179.846] IUnknown:AddRef (This=0xe30cd30) returned 0x3 [0179.847] IWbemClassObject:Get (in: This=0xe30cd30, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0179.847] IWbemClassObject:Get (in: This=0xe30cd30, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0179.847] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x5e [0179.847] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x5e [0179.847] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0179.847] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0179.848] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0179.848] IUnknown:Release (This=0xb71a3c) returned 0x1 [0179.851] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16468) returned 0x0 [0179.851] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0179.851] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16468, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80238) returned 0x0 [0179.851] WbemDefPath:IUnknown:Release (This=0xc16468) returned 0x0 [0179.851] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80238) returned 0x0 [0179.851] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0179.851] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0179.852] WbemDefPath:IUnknown:AddRef (This=0xb80238) returned 0x3 [0179.852] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0179.852] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0179.852] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a378) returned 0x0 [0179.852] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a378, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.852] WbemDefPath:IUnknown:Release (This=0xe33a378) returned 0x3 [0179.852] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0179.852] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0179.852] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0179.852] WbemDefPath:IUnknown:Release (This=0xb80238) returned 0x2 [0179.852] WbemDefPath:IUnknown:Release (This=0xb80238) returned 0x1 [0179.852] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0179.853] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0179.853] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80238, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80238) returned 0x0 [0179.853] WbemDefPath:IUnknown:AddRef (This=0xb80238) returned 0x3 [0179.853] WbemDefPath:IUnknown:Release (This=0xb80238) returned 0x2 [0179.853] WbemDefPath:IWbemPath:SetText (This=0xb80238, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2880\"") returned 0x0 [0179.853] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0179.853] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0179.853] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.853] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.853] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.853] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.853] IWbemClassObject:Get (in: This=0xe30cd30, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc0a5c*=0, plFlavor=0x6bc0a60*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb40, varVal2=0x0), pType=0x6bc0a5c*=19, plFlavor=0x6bc0a60*=0) returned 0x0 [0179.854] IWbemClassObject:Get (in: This=0xe30cd30, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc0a5c*=19, plFlavor=0x6bc0a60*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb40, varVal2=0x0), pType=0x6bc0a5c*=19, plFlavor=0x6bc0a60*=0) returned 0x0 [0179.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.854] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.854] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.854] IWbemClassObject:Get (in: This=0xe30cd30, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc0ba8*=0, plFlavor=0x6bc0bac*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ApplicationFrameHost.exe", varVal2=0x0), pType=0x6bc0ba8*=8, plFlavor=0x6bc0bac*=0) returned 0x0 [0179.854] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0179.854] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0179.855] IWbemClassObject:Get (in: This=0xe30cd30, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc0ba8*=8, plFlavor=0x6bc0bac*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ApplicationFrameHost.exe", varVal2=0x0), pType=0x6bc0ba8*=8, plFlavor=0x6bc0bac*=0) returned 0x0 [0179.855] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0179.855] SysStringByteLen (bstr="ApplicationFrameHost.exe") returned 0x30 [0179.855] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0179.855] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0179.855] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.855] IWbemClassObject:Get (in: This=0xe30cd30, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc0d64*=0, plFlavor=0x6bc0d68*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\ApplicationFrameHost.exe -Embedding", varVal2=0x0), pType=0x6bc0d64*=8, plFlavor=0x6bc0d68*=0) returned 0x0 [0179.855] SysStringByteLen (bstr="C:\\Windows\\system32\\ApplicationFrameHost.exe -Embedding") returned 0x6e [0179.855] SysStringByteLen (bstr="C:\\Windows\\system32\\ApplicationFrameHost.exe -Embedding") returned 0x6e [0179.856] IWbemClassObject:Get (in: This=0xe30cd30, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc0d64*=8, plFlavor=0x6bc0d68*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\ApplicationFrameHost.exe -Embedding", varVal2=0x0), pType=0x6bc0d64*=8, plFlavor=0x6bc0d68*=0) returned 0x0 [0179.856] SysStringByteLen (bstr="C:\\Windows\\system32\\ApplicationFrameHost.exe -Embedding") returned 0x6e [0179.856] SysStringByteLen (bstr="C:\\Windows\\system32\\ApplicationFrameHost.exe -Embedding") returned 0x6e [0179.856] CoTaskMemAlloc (cb=0x4) returned 0xc16448 [0179.856] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16448, puReturned=0x6bb7a50 | out: apObjects=0xc16448*=0xe30c070, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.397] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30c070) returned 0x0 [0181.398] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.398] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.398] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.398] IUnknown:AddRef (This=0xe30c070) returned 0x3 [0181.398] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.398] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.398] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30c074) returned 0x0 [0181.398] IMarshal:GetUnmarshalClass (in: This=0xe30c074, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.399] IUnknown:Release (This=0xe30c074) returned 0x3 [0181.399] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.399] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.399] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.399] IUnknown:Release (This=0xe30c070) returned 0x2 [0181.399] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.399] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.399] IUnknown:QueryInterface (in: This=0xe30c070, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30c070) returned 0x0 [0181.399] IUnknown:AddRef (This=0xe30c070) returned 0x4 [0181.399] IUnknown:Release (This=0xe30c070) returned 0x3 [0181.399] IUnknown:Release (This=0xe30c070) returned 0x2 [0181.399] CoTaskMemFree (pv=0xc16448) [0181.400] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.400] IUnknown:AddRef (This=0xe30c070) returned 0x3 [0181.400] IWbemClassObject:Get (in: This=0xe30c070, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.400] IWbemClassObject:Get (in: This=0xe30c070, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.400] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"") returned 0x5e [0181.400] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"") returned 0x5e [0181.401] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.401] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.401] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.401] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.403] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0181.403] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.403] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fe48) returned 0x0 [0181.403] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0181.403] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fe48) returned 0x0 [0181.403] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.404] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.404] WbemDefPath:IUnknown:AddRef (This=0xb7fe48) returned 0x3 [0181.404] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.404] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.404] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a780) returned 0x0 [0181.404] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a780, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.404] WbemDefPath:IUnknown:Release (This=0xe33a780) returned 0x3 [0181.404] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.404] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.404] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.405] WbemDefPath:IUnknown:Release (This=0xb7fe48) returned 0x2 [0181.405] WbemDefPath:IUnknown:Release (This=0xb7fe48) returned 0x1 [0181.405] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.405] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.405] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fe48, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fe48) returned 0x0 [0181.405] WbemDefPath:IUnknown:AddRef (This=0xb7fe48) returned 0x3 [0181.405] WbemDefPath:IUnknown:Release (This=0xb7fe48) returned 0x2 [0181.405] WbemDefPath:IWbemPath:SetText (This=0xb7fe48, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1192\"") returned 0x0 [0181.405] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.405] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.405] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.406] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.406] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.406] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.406] IWbemClassObject:Get (in: This=0xe30c070, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc1834*=0, plFlavor=0x6bc1838*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4a8, varVal2=0x0), pType=0x6bc1834*=19, plFlavor=0x6bc1838*=0) returned 0x0 [0181.406] IWbemClassObject:Get (in: This=0xe30c070, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc1834*=19, plFlavor=0x6bc1838*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4a8, varVal2=0x0), pType=0x6bc1834*=19, plFlavor=0x6bc1838*=0) returned 0x0 [0181.407] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.407] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.407] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.407] IWbemClassObject:Get (in: This=0xe30c070, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc1980*=0, plFlavor=0x6bc1984*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemSettings.exe", varVal2=0x0), pType=0x6bc1980*=8, plFlavor=0x6bc1984*=0) returned 0x0 [0181.407] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0181.407] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0181.407] IWbemClassObject:Get (in: This=0xe30c070, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc1980*=8, plFlavor=0x6bc1984*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemSettings.exe", varVal2=0x0), pType=0x6bc1980*=8, plFlavor=0x6bc1984*=0) returned 0x0 [0181.407] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0181.407] SysStringByteLen (bstr="SystemSettings.exe") returned 0x24 [0181.408] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.408] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.408] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.408] IWbemClassObject:Get (in: This=0xe30c070, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc1b24*=0, plFlavor=0x6bc1b28*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel", varVal2=0x0), pType=0x6bc1b24*=8, plFlavor=0x6bc1b28*=0) returned 0x0 [0181.408] SysStringByteLen (bstr="\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel") returned 0xd2 [0181.408] SysStringByteLen (bstr="\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel") returned 0xd2 [0181.408] IWbemClassObject:Get (in: This=0xe30c070, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc1b24*=8, plFlavor=0x6bc1b28*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel", varVal2=0x0), pType=0x6bc1b24*=8, plFlavor=0x6bc1b28*=0) returned 0x0 [0181.408] SysStringByteLen (bstr="\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel") returned 0xd2 [0181.409] SysStringByteLen (bstr="\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel") returned 0xd2 [0181.409] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.409] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30c3a0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.410] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30c3a0) returned 0x0 [0181.410] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.410] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.411] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.411] IUnknown:AddRef (This=0xe30c3a0) returned 0x3 [0181.411] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.411] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.411] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30c3a4) returned 0x0 [0181.411] IMarshal:GetUnmarshalClass (in: This=0xe30c3a4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.411] IUnknown:Release (This=0xe30c3a4) returned 0x3 [0181.411] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.411] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.412] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.412] IUnknown:Release (This=0xe30c3a0) returned 0x2 [0181.412] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.412] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.412] IUnknown:QueryInterface (in: This=0xe30c3a0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30c3a0) returned 0x0 [0181.412] IUnknown:AddRef (This=0xe30c3a0) returned 0x4 [0181.412] IUnknown:Release (This=0xe30c3a0) returned 0x3 [0181.412] IUnknown:Release (This=0xe30c3a0) returned 0x2 [0181.412] CoTaskMemFree (pv=0xc16518) [0181.412] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.412] IUnknown:AddRef (This=0xe30c3a0) returned 0x3 [0181.412] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.413] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.413] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x5e [0181.413] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x5e [0181.413] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.413] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.413] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.413] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.414] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16478) returned 0x0 [0181.414] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16478, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.414] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16478, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80468) returned 0x0 [0181.414] WbemDefPath:IUnknown:Release (This=0xc16478) returned 0x0 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80468) returned 0x0 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.415] WbemDefPath:IUnknown:AddRef (This=0xb80468) returned 0x3 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a6d8) returned 0x0 [0181.415] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a6d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.415] WbemDefPath:IUnknown:Release (This=0xe33a6d8) returned 0x3 [0181.415] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.415] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.415] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.416] WbemDefPath:IUnknown:Release (This=0xb80468) returned 0x2 [0181.416] WbemDefPath:IUnknown:Release (This=0xb80468) returned 0x1 [0181.416] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.416] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.416] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80468, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80468) returned 0x0 [0181.416] WbemDefPath:IUnknown:AddRef (This=0xb80468) returned 0x3 [0181.416] WbemDefPath:IUnknown:Release (This=0xb80468) returned 0x2 [0181.416] WbemDefPath:IWbemPath:SetText (This=0xb80468, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3060\"") returned 0x0 [0181.416] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.416] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.416] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.416] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.417] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.417] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.417] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc2714*=0, plFlavor=0x6bc2718*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xbf4, varVal2=0x0), pType=0x6bc2714*=19, plFlavor=0x6bc2718*=0) returned 0x0 [0181.417] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc2714*=19, plFlavor=0x6bc2718*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xbf4, varVal2=0x0), pType=0x6bc2714*=19, plFlavor=0x6bc2718*=0) returned 0x0 [0181.417] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.417] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.417] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.417] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc2860*=0, plFlavor=0x6bc2864*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x6bc2860*=8, plFlavor=0x6bc2864*=0) returned 0x0 [0181.418] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0181.418] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0181.418] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc2860*=8, plFlavor=0x6bc2864*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x6bc2860*=8, plFlavor=0x6bc2864*=0) returned 0x0 [0181.418] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0181.418] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0181.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.418] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.418] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.418] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc29ec*=0, plFlavor=0x6bc29f0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank", varVal2=0x0), pType=0x6bc29ec*=8, plFlavor=0x6bc29f0*=0) returned 0x0 [0181.419] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0181.419] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0181.419] IWbemClassObject:Get (in: This=0xe30c3a0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc29ec*=8, plFlavor=0x6bc29f0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank", varVal2=0x0), pType=0x6bc29ec*=8, plFlavor=0x6bc29f0*=0) returned 0x0 [0181.419] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0181.419] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0181.419] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.419] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30d060, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.420] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d060) returned 0x0 [0181.420] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.420] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.421] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.421] IUnknown:AddRef (This=0xe30d060) returned 0x3 [0181.421] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.421] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.421] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d064) returned 0x0 [0181.421] IMarshal:GetUnmarshalClass (in: This=0xe30d064, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.421] IUnknown:Release (This=0xe30d064) returned 0x3 [0181.421] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.421] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.421] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.421] IUnknown:Release (This=0xe30d060) returned 0x2 [0181.421] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.422] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.422] IUnknown:QueryInterface (in: This=0xe30d060, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d060) returned 0x0 [0181.422] IUnknown:AddRef (This=0xe30d060) returned 0x4 [0181.422] IUnknown:Release (This=0xe30d060) returned 0x3 [0181.422] IUnknown:Release (This=0xe30d060) returned 0x2 [0181.422] CoTaskMemFree (pv=0xc16518) [0181.422] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.422] IUnknown:AddRef (This=0xe30d060) returned 0x3 [0181.422] IWbemClassObject:Get (in: This=0xe30d060, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.422] IWbemClassObject:Get (in: This=0xe30d060, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.422] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"") returned 0x5e [0181.422] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"") returned 0x5e [0181.423] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.423] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.423] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.423] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.424] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0181.424] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16588, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.424] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16588, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80388) returned 0x0 [0181.424] WbemDefPath:IUnknown:Release (This=0xc16588) returned 0x0 [0181.424] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80388) returned 0x0 [0181.424] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.424] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.425] WbemDefPath:IUnknown:AddRef (This=0xb80388) returned 0x3 [0181.425] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.425] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.425] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33ab58) returned 0x0 [0181.425] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33ab58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.425] WbemDefPath:IUnknown:Release (This=0xe33ab58) returned 0x3 [0181.425] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.425] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.425] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.425] WbemDefPath:IUnknown:Release (This=0xb80388) returned 0x2 [0181.425] WbemDefPath:IUnknown:Release (This=0xb80388) returned 0x1 [0181.425] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.425] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.426] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80388, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80388) returned 0x0 [0181.426] WbemDefPath:IUnknown:AddRef (This=0xb80388) returned 0x3 [0181.426] WbemDefPath:IUnknown:Release (This=0xb80388) returned 0x2 [0181.426] WbemDefPath:IWbemPath:SetText (This=0xb80388, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3392\"") returned 0x0 [0181.426] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.426] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.426] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.475] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.475] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.475] IWbemClassObject:Get (in: This=0xe30d060, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc34c8*=0, plFlavor=0x6bc34cc*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd40, varVal2=0x0), pType=0x6bc34c8*=19, plFlavor=0x6bc34cc*=0) returned 0x0 [0181.475] IWbemClassObject:Get (in: This=0xe30d060, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc34c8*=19, plFlavor=0x6bc34cc*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd40, varVal2=0x0), pType=0x6bc34c8*=19, plFlavor=0x6bc34cc*=0) returned 0x0 [0181.476] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.476] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.476] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.476] IWbemClassObject:Get (in: This=0xe30d060, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc3614*=0, plFlavor=0x6bc3618*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="face.exe", varVal2=0x0), pType=0x6bc3614*=8, plFlavor=0x6bc3618*=0) returned 0x0 [0181.476] SysStringByteLen (bstr="face.exe") returned 0x10 [0181.476] SysStringByteLen (bstr="face.exe") returned 0x10 [0181.476] IWbemClassObject:Get (in: This=0xe30d060, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc3614*=8, plFlavor=0x6bc3618*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="face.exe", varVal2=0x0), pType=0x6bc3614*=8, plFlavor=0x6bc3618*=0) returned 0x0 [0181.477] SysStringByteLen (bstr="face.exe") returned 0x10 [0181.477] SysStringByteLen (bstr="face.exe") returned 0x10 [0181.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.477] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.477] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.477] IWbemClassObject:Get (in: This=0xe30d060, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc3790*=0, plFlavor=0x6bc3794*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Uninstall Information\\face.exe\" ", varVal2=0x0), pType=0x6bc3790*=8, plFlavor=0x6bc3794*=0) returned 0x0 [0181.477] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\face.exe\" ") returned 0x64 [0181.477] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\face.exe\" ") returned 0x64 [0181.478] IWbemClassObject:Get (in: This=0xe30d060, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc3790*=8, plFlavor=0x6bc3794*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Uninstall Information\\face.exe\" ", varVal2=0x0), pType=0x6bc3790*=8, plFlavor=0x6bc3794*=0) returned 0x0 [0181.478] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\face.exe\" ") returned 0x64 [0181.478] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\face.exe\" ") returned 0x64 [0181.478] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0181.478] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6bb7a50 | out: apObjects=0xc16438*=0xe30d9f0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.479] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d9f0) returned 0x0 [0181.479] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.479] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.479] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.479] IUnknown:AddRef (This=0xe30d9f0) returned 0x3 [0181.480] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.480] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.480] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d9f4) returned 0x0 [0181.480] IMarshal:GetUnmarshalClass (in: This=0xe30d9f4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.480] IUnknown:Release (This=0xe30d9f4) returned 0x3 [0181.480] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.480] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.480] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.480] IUnknown:Release (This=0xe30d9f0) returned 0x2 [0181.480] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.480] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.480] IUnknown:QueryInterface (in: This=0xe30d9f0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d9f0) returned 0x0 [0181.480] IUnknown:AddRef (This=0xe30d9f0) returned 0x4 [0181.480] IUnknown:Release (This=0xe30d9f0) returned 0x3 [0181.480] IUnknown:Release (This=0xe30d9f0) returned 0x2 [0181.481] CoTaskMemFree (pv=0xc16438) [0181.481] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.481] IUnknown:AddRef (This=0xe30d9f0) returned 0x3 [0181.481] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.481] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.481] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"") returned 0x5e [0181.481] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"") returned 0x5e [0181.481] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.481] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.481] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.482] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.483] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16418) returned 0x0 [0181.483] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.483] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16418, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80078) returned 0x0 [0181.483] WbemDefPath:IUnknown:Release (This=0xc16418) returned 0x0 [0181.483] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80078) returned 0x0 [0181.483] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.483] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.484] WbemDefPath:IUnknown:AddRef (This=0xb80078) returned 0x3 [0181.484] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.484] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.484] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33a990) returned 0x0 [0181.484] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33a990, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.484] WbemDefPath:IUnknown:Release (This=0xe33a990) returned 0x3 [0181.484] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.484] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.484] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.484] WbemDefPath:IUnknown:Release (This=0xb80078) returned 0x2 [0181.484] WbemDefPath:IUnknown:Release (This=0xb80078) returned 0x1 [0181.484] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.484] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.484] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80078, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80078) returned 0x0 [0181.485] WbemDefPath:IUnknown:AddRef (This=0xb80078) returned 0x3 [0181.485] WbemDefPath:IUnknown:Release (This=0xb80078) returned 0x2 [0181.485] WbemDefPath:IWbemPath:SetText (This=0xb80078, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3400\"") returned 0x0 [0181.485] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.485] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.485] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.485] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.485] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.485] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.485] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc4224*=0, plFlavor=0x6bc4228*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd48, varVal2=0x0), pType=0x6bc4224*=19, plFlavor=0x6bc4228*=0) returned 0x0 [0181.486] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc4224*=19, plFlavor=0x6bc4228*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd48, varVal2=0x0), pType=0x6bc4224*=19, plFlavor=0x6bc4228*=0) returned 0x0 [0181.486] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.486] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.486] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.486] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc4370*=0, plFlavor=0x6bc4374*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="relationship short town.exe", varVal2=0x0), pType=0x6bc4370*=8, plFlavor=0x6bc4374*=0) returned 0x0 [0181.486] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0181.486] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0181.486] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc4370*=8, plFlavor=0x6bc4374*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="relationship short town.exe", varVal2=0x0), pType=0x6bc4370*=8, plFlavor=0x6bc4374*=0) returned 0x0 [0181.487] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0181.487] SysStringByteLen (bstr="relationship short town.exe") returned 0x36 [0181.487] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.487] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.487] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.487] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc4534*=0, plFlavor=0x6bc4538*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Microsoft SQL Server\\relationship short town.exe\" ", varVal2=0x0), pType=0x6bc4534*=8, plFlavor=0x6bc4538*=0) returned 0x0 [0181.488] SysStringByteLen (bstr="\"C:\\Program Files\\Microsoft SQL Server\\relationship short town.exe\" ") returned 0x88 [0181.488] SysStringByteLen (bstr="\"C:\\Program Files\\Microsoft SQL Server\\relationship short town.exe\" ") returned 0x88 [0181.488] IWbemClassObject:Get (in: This=0xe30d9f0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc4534*=8, plFlavor=0x6bc4538*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Microsoft SQL Server\\relationship short town.exe\" ", varVal2=0x0), pType=0x6bc4534*=8, plFlavor=0x6bc4538*=0) returned 0x0 [0181.488] SysStringByteLen (bstr="\"C:\\Program Files\\Microsoft SQL Server\\relationship short town.exe\" ") returned 0x88 [0181.488] SysStringByteLen (bstr="\"C:\\Program Files\\Microsoft SQL Server\\relationship short town.exe\" ") returned 0x88 [0181.488] CoTaskMemAlloc (cb=0x4) returned 0xc16398 [0181.488] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16398, puReturned=0x6bb7a50 | out: apObjects=0xc16398*=0xe30c538, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.489] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30c538) returned 0x0 [0181.489] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.489] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.489] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.490] IUnknown:AddRef (This=0xe30c538) returned 0x3 [0181.490] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.490] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.490] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30c53c) returned 0x0 [0181.490] IMarshal:GetUnmarshalClass (in: This=0xe30c53c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.490] IUnknown:Release (This=0xe30c53c) returned 0x3 [0181.490] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.490] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.490] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.490] IUnknown:Release (This=0xe30c538) returned 0x2 [0181.490] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.490] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.490] IUnknown:QueryInterface (in: This=0xe30c538, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30c538) returned 0x0 [0181.490] IUnknown:AddRef (This=0xe30c538) returned 0x4 [0181.490] IUnknown:Release (This=0xe30c538) returned 0x3 [0181.491] IUnknown:Release (This=0xe30c538) returned 0x2 [0181.491] CoTaskMemFree (pv=0xc16398) [0181.491] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.491] IUnknown:AddRef (This=0xe30c538) returned 0x3 [0181.491] IWbemClassObject:Get (in: This=0xe30c538, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.491] IWbemClassObject:Get (in: This=0xe30c538, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.491] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"") returned 0x5e [0181.491] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"") returned 0x5e [0181.491] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.491] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.491] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.491] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.493] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0181.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.493] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb800e8) returned 0x0 [0181.493] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0181.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb800e8) returned 0x0 [0181.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.493] WbemDefPath:IUnknown:AddRef (This=0xb800e8) returned 0x3 [0181.493] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.494] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.494] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33adb0) returned 0x0 [0181.494] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33adb0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.494] WbemDefPath:IUnknown:Release (This=0xe33adb0) returned 0x3 [0181.494] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.494] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.494] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.494] WbemDefPath:IUnknown:Release (This=0xb800e8) returned 0x2 [0181.494] WbemDefPath:IUnknown:Release (This=0xb800e8) returned 0x1 [0181.494] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.494] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.494] WbemDefPath:IUnknown:QueryInterface (in: This=0xb800e8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb800e8) returned 0x0 [0181.494] WbemDefPath:IUnknown:AddRef (This=0xb800e8) returned 0x3 [0181.494] WbemDefPath:IUnknown:Release (This=0xb800e8) returned 0x2 [0181.494] WbemDefPath:IWbemPath:SetText (This=0xb800e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3412\"") returned 0x0 [0181.495] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.495] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.495] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.495] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.495] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.495] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.495] IWbemClassObject:Get (in: This=0xe30c538, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc505c*=0, plFlavor=0x6bc5060*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd54, varVal2=0x0), pType=0x6bc505c*=19, plFlavor=0x6bc5060*=0) returned 0x0 [0181.495] IWbemClassObject:Get (in: This=0xe30c538, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc505c*=19, plFlavor=0x6bc5060*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd54, varVal2=0x0), pType=0x6bc505c*=19, plFlavor=0x6bc5060*=0) returned 0x0 [0181.496] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.496] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.496] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.496] IWbemClassObject:Get (in: This=0xe30c538, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc51a8*=0, plFlavor=0x6bc51ac*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="appear.exe", varVal2=0x0), pType=0x6bc51a8*=8, plFlavor=0x6bc51ac*=0) returned 0x0 [0181.496] SysStringByteLen (bstr="appear.exe") returned 0x14 [0181.496] SysStringByteLen (bstr="appear.exe") returned 0x14 [0181.496] IWbemClassObject:Get (in: This=0xe30c538, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc51a8*=8, plFlavor=0x6bc51ac*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="appear.exe", varVal2=0x0), pType=0x6bc51a8*=8, plFlavor=0x6bc51ac*=0) returned 0x0 [0181.496] SysStringByteLen (bstr="appear.exe") returned 0x14 [0181.496] SysStringByteLen (bstr="appear.exe") returned 0x14 [0181.497] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.497] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.497] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.497] IWbemClassObject:Get (in: This=0xe30c538, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc532c*=0, plFlavor=0x6bc5330*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\appear.exe\" ", varVal2=0x0), pType=0x6bc532c*=8, plFlavor=0x6bc5330*=0) returned 0x0 [0181.497] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\appear.exe\" ") returned 0x62 [0181.497] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\appear.exe\" ") returned 0x62 [0181.497] IWbemClassObject:Get (in: This=0xe30c538, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc532c*=8, plFlavor=0x6bc5330*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\appear.exe\" ", varVal2=0x0), pType=0x6bc532c*=8, plFlavor=0x6bc5330*=0) returned 0x0 [0181.497] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\appear.exe\" ") returned 0x62 [0181.497] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\appear.exe\" ") returned 0x62 [0181.497] CoTaskMemAlloc (cb=0x4) returned 0xc16398 [0181.498] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16398, puReturned=0x6bb7a50 | out: apObjects=0xc16398*=0xe30c208, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.535] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30c208) returned 0x0 [0181.535] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.535] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.535] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.535] IUnknown:AddRef (This=0xe30c208) returned 0x3 [0181.535] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.536] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.536] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30c20c) returned 0x0 [0181.536] IMarshal:GetUnmarshalClass (in: This=0xe30c20c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.536] IUnknown:Release (This=0xe30c20c) returned 0x3 [0181.536] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.536] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.536] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.536] IUnknown:Release (This=0xe30c208) returned 0x2 [0181.536] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.536] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.536] IUnknown:QueryInterface (in: This=0xe30c208, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30c208) returned 0x0 [0181.536] IUnknown:AddRef (This=0xe30c208) returned 0x4 [0181.536] IUnknown:Release (This=0xe30c208) returned 0x3 [0181.537] IUnknown:Release (This=0xe30c208) returned 0x2 [0181.537] CoTaskMemFree (pv=0xc16398) [0181.537] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.537] IUnknown:AddRef (This=0xe30c208) returned 0x3 [0181.537] IWbemClassObject:Get (in: This=0xe30c208, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.537] IWbemClassObject:Get (in: This=0xe30c208, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.537] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"") returned 0x5e [0181.537] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"") returned 0x5e [0181.537] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.538] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.538] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.538] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.539] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0181.539] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.539] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7f828) returned 0x0 [0181.539] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0181.539] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7f828) returned 0x0 [0181.540] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.540] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.540] WbemDefPath:IUnknown:AddRef (This=0xb7f828) returned 0x3 [0181.540] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.540] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.540] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe33ad50) returned 0x0 [0181.540] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe33ad50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.540] WbemDefPath:IUnknown:Release (This=0xe33ad50) returned 0x3 [0181.540] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.541] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.541] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.541] WbemDefPath:IUnknown:Release (This=0xb7f828) returned 0x2 [0181.541] WbemDefPath:IUnknown:Release (This=0xb7f828) returned 0x1 [0181.541] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.541] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.541] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f828, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7f828) returned 0x0 [0181.541] WbemDefPath:IUnknown:AddRef (This=0xb7f828) returned 0x3 [0181.541] WbemDefPath:IUnknown:Release (This=0xb7f828) returned 0x2 [0181.541] WbemDefPath:IWbemPath:SetText (This=0xb7f828, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3428\"") returned 0x0 [0181.541] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.541] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.541] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.542] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.542] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.542] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.542] IWbemClassObject:Get (in: This=0xe30c208, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc5dbc*=0, plFlavor=0x6bc5dc0*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd64, varVal2=0x0), pType=0x6bc5dbc*=19, plFlavor=0x6bc5dc0*=0) returned 0x0 [0181.542] IWbemClassObject:Get (in: This=0xe30c208, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc5dbc*=19, plFlavor=0x6bc5dc0*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd64, varVal2=0x0), pType=0x6bc5dbc*=19, plFlavor=0x6bc5dc0*=0) returned 0x0 [0181.543] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.543] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.543] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.543] IWbemClassObject:Get (in: This=0xe30c208, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc5f08*=0, plFlavor=0x6bc5f0c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="controlmachine.exe", varVal2=0x0), pType=0x6bc5f08*=8, plFlavor=0x6bc5f0c*=0) returned 0x0 [0181.543] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0181.543] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0181.543] IWbemClassObject:Get (in: This=0xe30c208, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc5f08*=8, plFlavor=0x6bc5f0c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="controlmachine.exe", varVal2=0x0), pType=0x6bc5f08*=8, plFlavor=0x6bc5f0c*=0) returned 0x0 [0181.543] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0181.543] SysStringByteLen (bstr="controlmachine.exe") returned 0x24 [0181.544] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.544] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.544] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.544] IWbemClassObject:Get (in: This=0xe30c208, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc60ac*=0, plFlavor=0x6bc60b0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\controlmachine.exe\" ", varVal2=0x0), pType=0x6bc60ac*=8, plFlavor=0x6bc60b0*=0) returned 0x0 [0181.544] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\controlmachine.exe\" ") returned 0x7c [0181.544] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\controlmachine.exe\" ") returned 0x7c [0181.544] IWbemClassObject:Get (in: This=0xe30c208, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc60ac*=8, plFlavor=0x6bc60b0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\controlmachine.exe\" ", varVal2=0x0), pType=0x6bc60ac*=8, plFlavor=0x6bc60b0*=0) returned 0x0 [0181.545] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\controlmachine.exe\" ") returned 0x7c [0181.545] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\controlmachine.exe\" ") returned 0x7c [0181.545] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.545] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30d390, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.546] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d390) returned 0x0 [0181.546] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.546] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.546] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.546] IUnknown:AddRef (This=0xe30d390) returned 0x3 [0181.546] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.546] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.547] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d394) returned 0x0 [0181.547] IMarshal:GetUnmarshalClass (in: This=0xe30d394, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.547] IUnknown:Release (This=0xe30d394) returned 0x3 [0181.547] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.547] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.547] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.547] IUnknown:Release (This=0xe30d390) returned 0x2 [0181.547] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.547] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.547] IUnknown:QueryInterface (in: This=0xe30d390, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d390) returned 0x0 [0181.547] IUnknown:AddRef (This=0xe30d390) returned 0x4 [0181.547] IUnknown:Release (This=0xe30d390) returned 0x3 [0181.547] IUnknown:Release (This=0xe30d390) returned 0x2 [0181.547] CoTaskMemFree (pv=0xc16518) [0181.547] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.548] IUnknown:AddRef (This=0xe30d390) returned 0x3 [0181.548] IWbemClassObject:Get (in: This=0xe30d390, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.548] IWbemClassObject:Get (in: This=0xe30d390, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.548] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x5e [0181.548] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x5e [0181.548] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.548] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.548] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.548] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.550] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16488) returned 0x0 [0181.550] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16488, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.550] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16488, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fd68) returned 0x0 [0181.550] WbemDefPath:IUnknown:Release (This=0xc16488) returned 0x0 [0181.550] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fd68) returned 0x0 [0181.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.551] WbemDefPath:IUnknown:AddRef (This=0xb7fd68) returned 0x3 [0181.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.551] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe338e48) returned 0x0 [0181.551] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe338e48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.551] WbemDefPath:IUnknown:Release (This=0xe338e48) returned 0x3 [0181.551] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.552] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.552] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.552] WbemDefPath:IUnknown:Release (This=0xb7fd68) returned 0x2 [0181.552] WbemDefPath:IUnknown:Release (This=0xb7fd68) returned 0x1 [0181.552] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.552] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.552] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fd68, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fd68) returned 0x0 [0181.552] WbemDefPath:IUnknown:AddRef (This=0xb7fd68) returned 0x3 [0181.552] WbemDefPath:IUnknown:Release (This=0xb7fd68) returned 0x2 [0181.552] WbemDefPath:IWbemPath:SetText (This=0xb7fd68, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x0 [0181.552] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.552] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.552] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.553] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.553] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.553] IWbemClassObject:Get (in: This=0xe30d390, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc6c28*=0, plFlavor=0x6bc6c2c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd74, varVal2=0x0), pType=0x6bc6c28*=19, plFlavor=0x6bc6c2c*=0) returned 0x0 [0181.553] IWbemClassObject:Get (in: This=0xe30d390, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc6c28*=19, plFlavor=0x6bc6c2c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd74, varVal2=0x0), pType=0x6bc6c28*=19, plFlavor=0x6bc6c2c*=0) returned 0x0 [0181.554] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.554] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.554] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.554] IWbemClassObject:Get (in: This=0xe30d390, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc6d74*=0, plFlavor=0x6bc6d78*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central.exe", varVal2=0x0), pType=0x6bc6d74*=8, plFlavor=0x6bc6d78*=0) returned 0x0 [0181.554] SysStringByteLen (bstr="central.exe") returned 0x16 [0181.554] SysStringByteLen (bstr="central.exe") returned 0x16 [0181.554] IWbemClassObject:Get (in: This=0xe30d390, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc6d74*=8, plFlavor=0x6bc6d78*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="central.exe", varVal2=0x0), pType=0x6bc6d74*=8, plFlavor=0x6bc6d78*=0) returned 0x0 [0181.554] SysStringByteLen (bstr="central.exe") returned 0x16 [0181.554] SysStringByteLen (bstr="central.exe") returned 0x16 [0181.555] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.555] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.555] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.555] IWbemClassObject:Get (in: This=0xe30d390, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc6ef8*=0, plFlavor=0x6bc6efc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\central.exe\" ", varVal2=0x0), pType=0x6bc6ef8*=8, plFlavor=0x6bc6efc*=0) returned 0x0 [0181.555] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\central.exe\" ") returned 0x82 [0181.555] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\central.exe\" ") returned 0x82 [0181.555] IWbemClassObject:Get (in: This=0xe30d390, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc6ef8*=8, plFlavor=0x6bc6efc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\central.exe\" ", varVal2=0x0), pType=0x6bc6ef8*=8, plFlavor=0x6bc6efc*=0) returned 0x0 [0181.555] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\central.exe\" ") returned 0x82 [0181.555] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\central.exe\" ") returned 0x82 [0181.555] CoTaskMemAlloc (cb=0x4) returned 0xc16398 [0181.555] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16398, puReturned=0x6bb7a50 | out: apObjects=0xc16398*=0xe30c6d0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.557] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30c6d0) returned 0x0 [0181.557] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.557] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.557] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.558] IUnknown:AddRef (This=0xe30c6d0) returned 0x3 [0181.558] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.558] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.558] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30c6d4) returned 0x0 [0181.558] IMarshal:GetUnmarshalClass (in: This=0xe30c6d4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.558] IUnknown:Release (This=0xe30c6d4) returned 0x3 [0181.558] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.558] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.558] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.558] IUnknown:Release (This=0xe30c6d0) returned 0x2 [0181.559] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.559] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.559] IUnknown:QueryInterface (in: This=0xe30c6d0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30c6d0) returned 0x0 [0181.559] IUnknown:AddRef (This=0xe30c6d0) returned 0x4 [0181.559] IUnknown:Release (This=0xe30c6d0) returned 0x3 [0181.559] IUnknown:Release (This=0xe30c6d0) returned 0x2 [0181.559] CoTaskMemFree (pv=0xc16398) [0181.559] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.559] IUnknown:AddRef (This=0xe30c6d0) returned 0x3 [0181.559] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.559] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.560] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"") returned 0x5e [0181.560] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"") returned 0x5e [0181.560] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.560] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.560] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.560] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.561] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0181.561] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.562] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fc18) returned 0x0 [0181.562] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0181.562] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fc18) returned 0x0 [0181.562] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.562] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.562] WbemDefPath:IUnknown:AddRef (This=0xb7fc18) returned 0x3 [0181.562] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.562] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.562] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe338f50) returned 0x0 [0181.563] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe338f50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.563] WbemDefPath:IUnknown:Release (This=0xe338f50) returned 0x3 [0181.563] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.563] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.563] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.563] WbemDefPath:IUnknown:Release (This=0xb7fc18) returned 0x2 [0181.563] WbemDefPath:IUnknown:Release (This=0xb7fc18) returned 0x1 [0181.563] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.563] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.563] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc18, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fc18) returned 0x0 [0181.563] WbemDefPath:IUnknown:AddRef (This=0xb7fc18) returned 0x3 [0181.563] WbemDefPath:IUnknown:Release (This=0xb7fc18) returned 0x2 [0181.563] WbemDefPath:IWbemPath:SetText (This=0xb7fc18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3456\"") returned 0x0 [0181.563] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.563] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.563] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.564] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.564] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.564] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.564] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc79e8*=0, plFlavor=0x6bc79ec*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd80, varVal2=0x0), pType=0x6bc79e8*=19, plFlavor=0x6bc79ec*=0) returned 0x0 [0181.564] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc79e8*=19, plFlavor=0x6bc79ec*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd80, varVal2=0x0), pType=0x6bc79e8*=19, plFlavor=0x6bc79ec*=0) returned 0x0 [0181.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.565] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.565] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.565] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc7b34*=0, plFlavor=0x6bc7b38*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="oh-article.exe", varVal2=0x0), pType=0x6bc7b34*=8, plFlavor=0x6bc7b38*=0) returned 0x0 [0181.565] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0181.565] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0181.565] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc7b34*=8, plFlavor=0x6bc7b38*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="oh-article.exe", varVal2=0x0), pType=0x6bc7b34*=8, plFlavor=0x6bc7b38*=0) returned 0x0 [0181.613] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0181.613] SysStringByteLen (bstr="oh-article.exe") returned 0x1c [0181.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.613] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.613] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.613] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc7cc8*=0, plFlavor=0x6bc7ccc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\oh-article.exe\" ", varVal2=0x0), pType=0x6bc7cc8*=8, plFlavor=0x6bc7ccc*=0) returned 0x0 [0181.613] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\oh-article.exe\" ") returned 0x68 [0181.613] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\oh-article.exe\" ") returned 0x68 [0181.614] IWbemClassObject:Get (in: This=0xe30c6d0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc7cc8*=8, plFlavor=0x6bc7ccc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\oh-article.exe\" ", varVal2=0x0), pType=0x6bc7cc8*=8, plFlavor=0x6bc7ccc*=0) returned 0x0 [0181.614] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\oh-article.exe\" ") returned 0x68 [0181.614] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\oh-article.exe\" ") returned 0x68 [0181.614] CoTaskMemAlloc (cb=0x4) returned 0xc16538 [0181.614] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16538, puReturned=0x6bb7a50 | out: apObjects=0xc16538*=0xe30db88, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.615] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30db88) returned 0x0 [0181.615] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.615] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.615] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.616] IUnknown:AddRef (This=0xe30db88) returned 0x3 [0181.616] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.616] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.616] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30db8c) returned 0x0 [0181.616] IMarshal:GetUnmarshalClass (in: This=0xe30db8c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.616] IUnknown:Release (This=0xe30db8c) returned 0x3 [0181.616] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.616] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.616] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.616] IUnknown:Release (This=0xe30db88) returned 0x2 [0181.616] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.616] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.616] IUnknown:QueryInterface (in: This=0xe30db88, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30db88) returned 0x0 [0181.617] IUnknown:AddRef (This=0xe30db88) returned 0x4 [0181.617] IUnknown:Release (This=0xe30db88) returned 0x3 [0181.617] IUnknown:Release (This=0xe30db88) returned 0x2 [0181.617] CoTaskMemFree (pv=0xc16538) [0181.617] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.617] IUnknown:AddRef (This=0xe30db88) returned 0x3 [0181.617] IWbemClassObject:Get (in: This=0xe30db88, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.617] IWbemClassObject:Get (in: This=0xe30db88, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.617] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"") returned 0x5e [0181.618] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"") returned 0x5e [0181.618] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.618] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.618] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.618] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.619] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0181.619] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.620] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7f898) returned 0x0 [0181.620] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0181.620] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7f898) returned 0x0 [0181.620] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.620] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.620] WbemDefPath:IUnknown:AddRef (This=0xb7f898) returned 0x3 [0181.620] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.620] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.620] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe339178) returned 0x0 [0181.620] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe339178, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.620] WbemDefPath:IUnknown:Release (This=0xe339178) returned 0x3 [0181.621] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.621] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.621] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.621] WbemDefPath:IUnknown:Release (This=0xb7f898) returned 0x2 [0181.621] WbemDefPath:IUnknown:Release (This=0xb7f898) returned 0x1 [0181.621] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.621] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.621] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f898, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7f898) returned 0x0 [0181.621] WbemDefPath:IUnknown:AddRef (This=0xb7f898) returned 0x3 [0181.621] WbemDefPath:IUnknown:Release (This=0xb7f898) returned 0x2 [0181.621] WbemDefPath:IWbemPath:SetText (This=0xb7f898, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3468\"") returned 0x0 [0181.621] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.621] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.621] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.622] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.622] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.622] IWbemClassObject:Get (in: This=0xe30db88, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc8774*=0, plFlavor=0x6bc8778*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd8c, varVal2=0x0), pType=0x6bc8774*=19, plFlavor=0x6bc8778*=0) returned 0x0 [0181.622] IWbemClassObject:Get (in: This=0xe30db88, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc8774*=19, plFlavor=0x6bc8778*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd8c, varVal2=0x0), pType=0x6bc8774*=19, plFlavor=0x6bc8778*=0) returned 0x0 [0181.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.623] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.623] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.623] IWbemClassObject:Get (in: This=0xe30db88, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc88c0*=0, plFlavor=0x6bc88c4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="returnrecent.exe", varVal2=0x0), pType=0x6bc88c0*=8, plFlavor=0x6bc88c4*=0) returned 0x0 [0181.623] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0181.623] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0181.623] IWbemClassObject:Get (in: This=0xe30db88, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc88c0*=8, plFlavor=0x6bc88c4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="returnrecent.exe", varVal2=0x0), pType=0x6bc88c0*=8, plFlavor=0x6bc88c4*=0) returned 0x0 [0181.623] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0181.623] SysStringByteLen (bstr="returnrecent.exe") returned 0x20 [0181.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.624] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.624] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.624] IWbemClassObject:Get (in: This=0xe30db88, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc8a5c*=0, plFlavor=0x6bc8a60*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\MSBuild\\returnrecent.exe\" ", varVal2=0x0), pType=0x6bc8a5c*=8, plFlavor=0x6bc8a60*=0) returned 0x0 [0181.624] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\MSBuild\\returnrecent.exe\" ") returned 0x64 [0181.624] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\MSBuild\\returnrecent.exe\" ") returned 0x64 [0181.624] IWbemClassObject:Get (in: This=0xe30db88, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc8a5c*=8, plFlavor=0x6bc8a60*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\MSBuild\\returnrecent.exe\" ", varVal2=0x0), pType=0x6bc8a5c*=8, plFlavor=0x6bc8a60*=0) returned 0x0 [0181.624] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\MSBuild\\returnrecent.exe\" ") returned 0x64 [0181.624] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\MSBuild\\returnrecent.exe\" ") returned 0x64 [0181.624] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.624] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30d6c0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.628] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d6c0) returned 0x0 [0181.629] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.629] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.629] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.629] IUnknown:AddRef (This=0xe30d6c0) returned 0x3 [0181.629] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.629] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.629] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d6c4) returned 0x0 [0181.629] IMarshal:GetUnmarshalClass (in: This=0xe30d6c4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.629] IUnknown:Release (This=0xe30d6c4) returned 0x3 [0181.629] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.630] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.630] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.630] IUnknown:Release (This=0xe30d6c0) returned 0x2 [0181.630] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.630] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.630] IUnknown:QueryInterface (in: This=0xe30d6c0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d6c0) returned 0x0 [0181.630] IUnknown:AddRef (This=0xe30d6c0) returned 0x4 [0181.630] IUnknown:Release (This=0xe30d6c0) returned 0x3 [0181.630] IUnknown:Release (This=0xe30d6c0) returned 0x2 [0181.630] CoTaskMemFree (pv=0xc16518) [0181.630] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.630] IUnknown:AddRef (This=0xe30d6c0) returned 0x3 [0181.630] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.631] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.631] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"") returned 0x5e [0181.631] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"") returned 0x5e [0181.631] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.631] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.631] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.631] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.632] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.633] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7f908) returned 0x0 [0181.633] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7f908) returned 0x0 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.633] WbemDefPath:IUnknown:AddRef (This=0xb7f908) returned 0x3 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.633] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321498) returned 0x0 [0181.633] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321498, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.634] WbemDefPath:IUnknown:Release (This=0xe321498) returned 0x3 [0181.634] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.634] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.634] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.634] WbemDefPath:IUnknown:Release (This=0xb7f908) returned 0x2 [0181.634] WbemDefPath:IUnknown:Release (This=0xb7f908) returned 0x1 [0181.634] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.634] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.634] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f908, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7f908) returned 0x0 [0181.634] WbemDefPath:IUnknown:AddRef (This=0xb7f908) returned 0x3 [0181.634] WbemDefPath:IUnknown:Release (This=0xb7f908) returned 0x2 [0181.634] WbemDefPath:IWbemPath:SetText (This=0xb7f908, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3476\"") returned 0x0 [0181.634] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.634] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.634] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.635] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.635] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.635] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.635] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc9500*=0, plFlavor=0x6bc9504*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd94, varVal2=0x0), pType=0x6bc9500*=19, plFlavor=0x6bc9504*=0) returned 0x0 [0181.635] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc9500*=19, plFlavor=0x6bc9504*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd94, varVal2=0x0), pType=0x6bc9500*=19, plFlavor=0x6bc9504*=0) returned 0x0 [0181.636] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.636] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.636] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.636] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc964c*=0, plFlavor=0x6bc9650*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="forget dinner local.exe", varVal2=0x0), pType=0x6bc964c*=8, plFlavor=0x6bc9650*=0) returned 0x0 [0181.636] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0181.636] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0181.636] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc964c*=8, plFlavor=0x6bc9650*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="forget dinner local.exe", varVal2=0x0), pType=0x6bc964c*=8, plFlavor=0x6bc9650*=0) returned 0x0 [0181.636] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0181.637] SysStringByteLen (bstr="forget dinner local.exe") returned 0x2e [0181.637] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.637] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.637] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.637] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc9800*=0, plFlavor=0x6bc9804*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\forget dinner local.exe\" ", varVal2=0x0), pType=0x6bc9800*=8, plFlavor=0x6bc9804*=0) returned 0x0 [0181.637] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\forget dinner local.exe\" ") returned 0x8c [0181.637] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\forget dinner local.exe\" ") returned 0x8c [0181.637] IWbemClassObject:Get (in: This=0xe30d6c0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bc9800*=8, plFlavor=0x6bc9804*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\forget dinner local.exe\" ", varVal2=0x0), pType=0x6bc9800*=8, plFlavor=0x6bc9804*=0) returned 0x0 [0181.638] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\forget dinner local.exe\" ") returned 0x8c [0181.638] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\forget dinner local.exe\" ") returned 0x8c [0181.638] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0181.638] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0xe30c868, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30c868) returned 0x0 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.639] IUnknown:AddRef (This=0xe30c868) returned 0x3 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.639] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30c86c) returned 0x0 [0181.640] IMarshal:GetUnmarshalClass (in: This=0xe30c86c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.640] IUnknown:Release (This=0xe30c86c) returned 0x3 [0181.640] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.640] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.640] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.640] IUnknown:Release (This=0xe30c868) returned 0x2 [0181.640] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.640] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.640] IUnknown:QueryInterface (in: This=0xe30c868, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30c868) returned 0x0 [0181.640] IUnknown:AddRef (This=0xe30c868) returned 0x4 [0181.640] IUnknown:Release (This=0xe30c868) returned 0x3 [0181.640] IUnknown:Release (This=0xe30c868) returned 0x2 [0181.640] CoTaskMemFree (pv=0xc16488) [0181.640] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.640] IUnknown:AddRef (This=0xe30c868) returned 0x3 [0181.641] IWbemClassObject:Get (in: This=0xe30c868, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.641] IWbemClassObject:Get (in: This=0xe30c868, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.641] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"") returned 0x5e [0181.641] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"") returned 0x5e [0181.641] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.641] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.641] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.641] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.642] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0181.643] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.643] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7f978) returned 0x0 [0181.643] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0181.643] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7f978) returned 0x0 [0181.643] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.643] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.644] WbemDefPath:IUnknown:AddRef (This=0xb7f978) returned 0x3 [0181.644] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.644] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.644] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3213c0) returned 0x0 [0181.644] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3213c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.644] WbemDefPath:IUnknown:Release (This=0xe3213c0) returned 0x3 [0181.644] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.644] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.644] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.644] WbemDefPath:IUnknown:Release (This=0xb7f978) returned 0x2 [0181.644] WbemDefPath:IUnknown:Release (This=0xb7f978) returned 0x1 [0181.644] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.645] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.645] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f978, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7f978) returned 0x0 [0181.645] WbemDefPath:IUnknown:AddRef (This=0xb7f978) returned 0x3 [0181.645] WbemDefPath:IUnknown:Release (This=0xb7f978) returned 0x2 [0181.645] WbemDefPath:IWbemPath:SetText (This=0xb7f978, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3484\"") returned 0x0 [0181.645] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.645] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.645] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.645] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.645] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.645] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.645] IWbemClassObject:Get (in: This=0xe30c868, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bca32c*=0, plFlavor=0x6bca330*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd9c, varVal2=0x0), pType=0x6bca32c*=19, plFlavor=0x6bca330*=0) returned 0x0 [0181.646] IWbemClassObject:Get (in: This=0xe30c868, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bca32c*=19, plFlavor=0x6bca330*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd9c, varVal2=0x0), pType=0x6bca32c*=19, plFlavor=0x6bca330*=0) returned 0x0 [0181.646] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.646] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.646] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.646] IWbemClassObject:Get (in: This=0xe30c868, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bca478*=0, plFlavor=0x6bca47c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sure.exe", varVal2=0x0), pType=0x6bca478*=8, plFlavor=0x6bca47c*=0) returned 0x0 [0181.646] SysStringByteLen (bstr="sure.exe") returned 0x10 [0181.646] SysStringByteLen (bstr="sure.exe") returned 0x10 [0181.647] IWbemClassObject:Get (in: This=0xe30c868, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bca478*=8, plFlavor=0x6bca47c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sure.exe", varVal2=0x0), pType=0x6bca478*=8, plFlavor=0x6bca47c*=0) returned 0x0 [0181.647] SysStringByteLen (bstr="sure.exe") returned 0x10 [0181.647] SysStringByteLen (bstr="sure.exe") returned 0x10 [0181.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.647] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.647] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.647] IWbemClassObject:Get (in: This=0xe30c868, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bca5f4*=0, plFlavor=0x6bca5f8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Reference Assemblies\\sure.exe\" ", varVal2=0x0), pType=0x6bca5f4*=8, plFlavor=0x6bca5f8*=0) returned 0x0 [0181.647] SysStringByteLen (bstr="\"C:\\Program Files\\Reference Assemblies\\sure.exe\" ") returned 0x62 [0181.648] SysStringByteLen (bstr="\"C:\\Program Files\\Reference Assemblies\\sure.exe\" ") returned 0x62 [0181.648] IWbemClassObject:Get (in: This=0xe30c868, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bca5f4*=8, plFlavor=0x6bca5f8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Reference Assemblies\\sure.exe\" ", varVal2=0x0), pType=0x6bca5f4*=8, plFlavor=0x6bca5f8*=0) returned 0x0 [0181.648] SysStringByteLen (bstr="\"C:\\Program Files\\Reference Assemblies\\sure.exe\" ") returned 0x62 [0181.648] SysStringByteLen (bstr="\"C:\\Program Files\\Reference Assemblies\\sure.exe\" ") returned 0x62 [0181.648] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0181.648] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe30dd20, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.649] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30dd20) returned 0x0 [0181.649] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.649] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.649] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.650] IUnknown:AddRef (This=0xe30dd20) returned 0x3 [0181.650] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.650] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.650] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30dd24) returned 0x0 [0181.650] IMarshal:GetUnmarshalClass (in: This=0xe30dd24, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.650] IUnknown:Release (This=0xe30dd24) returned 0x3 [0181.650] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.650] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.650] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.650] IUnknown:Release (This=0xe30dd20) returned 0x2 [0181.650] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.650] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.651] IUnknown:QueryInterface (in: This=0xe30dd20, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30dd20) returned 0x0 [0181.651] IUnknown:AddRef (This=0xe30dd20) returned 0x4 [0181.651] IUnknown:Release (This=0xe30dd20) returned 0x3 [0181.651] IUnknown:Release (This=0xe30dd20) returned 0x2 [0181.651] CoTaskMemFree (pv=0xc164b8) [0181.651] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.651] IUnknown:AddRef (This=0xe30dd20) returned 0x3 [0181.651] IWbemClassObject:Get (in: This=0xe30dd20, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.651] IWbemClassObject:Get (in: This=0xe30dd20, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.652] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"") returned 0x5e [0181.652] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"") returned 0x5e [0181.652] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.652] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.652] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.652] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.653] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16498) returned 0x0 [0181.653] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16498, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.653] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16498, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb804d8) returned 0x0 [0181.654] WbemDefPath:IUnknown:Release (This=0xc16498) returned 0x0 [0181.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb804d8) returned 0x0 [0181.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.654] WbemDefPath:IUnknown:AddRef (This=0xb804d8) returned 0x3 [0181.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321888) returned 0x0 [0181.654] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321888, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.654] WbemDefPath:IUnknown:Release (This=0xe321888) returned 0x3 [0181.654] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.655] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.655] WbemDefPath:IUnknown:Release (This=0xb804d8) returned 0x2 [0181.655] WbemDefPath:IUnknown:Release (This=0xb804d8) returned 0x1 [0181.655] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.655] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.655] WbemDefPath:IUnknown:QueryInterface (in: This=0xb804d8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb804d8) returned 0x0 [0181.655] WbemDefPath:IUnknown:AddRef (This=0xb804d8) returned 0x3 [0181.655] WbemDefPath:IUnknown:Release (This=0xb804d8) returned 0x2 [0181.655] WbemDefPath:IWbemPath:SetText (This=0xb804d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3500\"") returned 0x0 [0181.655] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.655] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.655] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.656] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.656] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.656] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.656] IWbemClassObject:Get (in: This=0xe30dd20, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcb080*=0, plFlavor=0x6bcb084*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdac, varVal2=0x0), pType=0x6bcb080*=19, plFlavor=0x6bcb084*=0) returned 0x0 [0181.656] IWbemClassObject:Get (in: This=0xe30dd20, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcb080*=19, plFlavor=0x6bcb084*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdac, varVal2=0x0), pType=0x6bcb080*=19, plFlavor=0x6bcb084*=0) returned 0x0 [0181.657] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.657] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.657] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.657] IWbemClassObject:Get (in: This=0xe30dd20, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcb1cc*=0, plFlavor=0x6bcb1d0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="indeed.exe", varVal2=0x0), pType=0x6bcb1cc*=8, plFlavor=0x6bcb1d0*=0) returned 0x0 [0181.657] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0181.657] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0181.657] IWbemClassObject:Get (in: This=0xe30dd20, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcb1cc*=8, plFlavor=0x6bcb1d0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="indeed.exe", varVal2=0x0), pType=0x6bcb1cc*=8, plFlavor=0x6bcb1d0*=0) returned 0x0 [0181.657] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0181.657] SysStringByteLen (bstr="indeed.exe") returned 0x14 [0181.658] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.658] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.658] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.658] IWbemClassObject:Get (in: This=0xe30dd20, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcb350*=0, plFlavor=0x6bcb354*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\indeed.exe\" ", varVal2=0x0), pType=0x6bcb350*=8, plFlavor=0x6bcb354*=0) returned 0x0 [0181.658] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\indeed.exe\" ") returned 0x60 [0181.659] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\indeed.exe\" ") returned 0x60 [0181.659] IWbemClassObject:Get (in: This=0xe30dd20, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcb350*=8, plFlavor=0x6bcb354*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\indeed.exe\" ", varVal2=0x0), pType=0x6bcb350*=8, plFlavor=0x6bcb354*=0) returned 0x0 [0181.659] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\indeed.exe\" ") returned 0x60 [0181.706] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\indeed.exe\" ") returned 0x60 [0181.706] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0181.707] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0xe30d858, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30d858) returned 0x0 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.708] IUnknown:AddRef (This=0xe30d858) returned 0x3 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.708] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30d85c) returned 0x0 [0181.708] IMarshal:GetUnmarshalClass (in: This=0xe30d85c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.709] IUnknown:Release (This=0xe30d85c) returned 0x3 [0181.709] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.709] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.709] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.709] IUnknown:Release (This=0xe30d858) returned 0x2 [0181.709] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.709] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.709] IUnknown:QueryInterface (in: This=0xe30d858, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30d858) returned 0x0 [0181.709] IUnknown:AddRef (This=0xe30d858) returned 0x4 [0181.709] IUnknown:Release (This=0xe30d858) returned 0x3 [0181.709] IUnknown:Release (This=0xe30d858) returned 0x2 [0181.709] CoTaskMemFree (pv=0xc16488) [0181.709] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.709] IUnknown:AddRef (This=0xe30d858) returned 0x3 [0181.709] IWbemClassObject:Get (in: This=0xe30d858, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.710] IWbemClassObject:Get (in: This=0xe30d858, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.710] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"") returned 0x5e [0181.710] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"") returned 0x5e [0181.710] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.710] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.710] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.710] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.711] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0181.712] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.712] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7f9e8) returned 0x0 [0181.712] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0181.712] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7f9e8) returned 0x0 [0181.712] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.712] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.712] WbemDefPath:IUnknown:AddRef (This=0xb7f9e8) returned 0x3 [0181.712] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.713] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.713] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3217c8) returned 0x0 [0181.713] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3217c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.713] WbemDefPath:IUnknown:Release (This=0xe3217c8) returned 0x3 [0181.713] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.713] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.713] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.713] WbemDefPath:IUnknown:Release (This=0xb7f9e8) returned 0x2 [0181.713] WbemDefPath:IUnknown:Release (This=0xb7f9e8) returned 0x1 [0181.713] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.713] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.713] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f9e8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7f9e8) returned 0x0 [0181.713] WbemDefPath:IUnknown:AddRef (This=0xb7f9e8) returned 0x3 [0181.713] WbemDefPath:IUnknown:Release (This=0xb7f9e8) returned 0x2 [0181.714] WbemDefPath:IWbemPath:SetText (This=0xb7f9e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3512\"") returned 0x0 [0181.714] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.714] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.714] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.714] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.714] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.714] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.714] IWbemClassObject:Get (in: This=0xe30d858, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcbddc*=0, plFlavor=0x6bcbde0*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdb8, varVal2=0x0), pType=0x6bcbddc*=19, plFlavor=0x6bcbde0*=0) returned 0x0 [0181.714] IWbemClassObject:Get (in: This=0xe30d858, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcbddc*=19, plFlavor=0x6bcbde0*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdb8, varVal2=0x0), pType=0x6bcbddc*=19, plFlavor=0x6bcbde0*=0) returned 0x0 [0181.715] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.715] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.715] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.715] IWbemClassObject:Get (in: This=0xe30d858, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcbf28*=0, plFlavor=0x6bcbf2c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lie.exe", varVal2=0x0), pType=0x6bcbf28*=8, plFlavor=0x6bcbf2c*=0) returned 0x0 [0181.715] SysStringByteLen (bstr="lie.exe") returned 0xe [0181.715] SysStringByteLen (bstr="lie.exe") returned 0xe [0181.715] IWbemClassObject:Get (in: This=0xe30d858, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcbf28*=8, plFlavor=0x6bcbf2c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="lie.exe", varVal2=0x0), pType=0x6bcbf28*=8, plFlavor=0x6bcbf2c*=0) returned 0x0 [0181.715] SysStringByteLen (bstr="lie.exe") returned 0xe [0181.715] SysStringByteLen (bstr="lie.exe") returned 0xe [0181.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.716] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.716] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.716] IWbemClassObject:Get (in: This=0xe30d858, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcc09c*=0, plFlavor=0x6bcc0a0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Sidebar\\lie.exe\" ", varVal2=0x0), pType=0x6bcc09c*=8, plFlavor=0x6bcc0a0*=0) returned 0x0 [0181.716] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Sidebar\\lie.exe\" ") returned 0x56 [0181.716] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Sidebar\\lie.exe\" ") returned 0x56 [0181.716] IWbemClassObject:Get (in: This=0xe30d858, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcc09c*=8, plFlavor=0x6bcc0a0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Sidebar\\lie.exe\" ", varVal2=0x0), pType=0x6bcc09c*=8, plFlavor=0x6bcc0a0*=0) returned 0x0 [0181.716] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Sidebar\\lie.exe\" ") returned 0x56 [0181.716] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Sidebar\\lie.exe\" ") returned 0x56 [0181.717] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0181.717] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6bb7a50 | out: apObjects=0xc16418*=0xe31c9b0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c9b0) returned 0x0 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.718] IUnknown:AddRef (This=0xe31c9b0) returned 0x3 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.718] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c9b4) returned 0x0 [0181.719] IMarshal:GetUnmarshalClass (in: This=0xe31c9b4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.719] IUnknown:Release (This=0xe31c9b4) returned 0x3 [0181.719] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.719] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.719] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.719] IUnknown:Release (This=0xe31c9b0) returned 0x2 [0181.719] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.719] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.719] IUnknown:QueryInterface (in: This=0xe31c9b0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c9b0) returned 0x0 [0181.719] IUnknown:AddRef (This=0xe31c9b0) returned 0x4 [0181.719] IUnknown:Release (This=0xe31c9b0) returned 0x3 [0181.719] IUnknown:Release (This=0xe31c9b0) returned 0x2 [0181.719] CoTaskMemFree (pv=0xc16418) [0181.719] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.720] IUnknown:AddRef (This=0xe31c9b0) returned 0x3 [0181.720] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.720] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.720] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"") returned 0x5e [0181.720] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"") returned 0x5e [0181.720] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.720] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.720] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.720] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.721] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc164b8) returned 0x0 [0181.722] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.722] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fcf8) returned 0x0 [0181.722] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0181.722] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fcf8) returned 0x0 [0181.722] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.722] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.723] WbemDefPath:IUnknown:AddRef (This=0xb7fcf8) returned 0x3 [0181.723] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.723] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.723] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321ae0) returned 0x0 [0181.723] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321ae0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.723] WbemDefPath:IUnknown:Release (This=0xe321ae0) returned 0x3 [0181.723] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.723] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.723] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.723] WbemDefPath:IUnknown:Release (This=0xb7fcf8) returned 0x2 [0181.723] WbemDefPath:IUnknown:Release (This=0xb7fcf8) returned 0x1 [0181.723] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.723] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.724] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fcf8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fcf8) returned 0x0 [0181.724] WbemDefPath:IUnknown:AddRef (This=0xb7fcf8) returned 0x3 [0181.724] WbemDefPath:IUnknown:Release (This=0xb7fcf8) returned 0x2 [0181.724] WbemDefPath:IWbemPath:SetText (This=0xb7fcf8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3528\"") returned 0x0 [0181.724] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.724] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.724] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.724] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.724] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.724] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.724] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bccb00*=0, plFlavor=0x6bccb04*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdc8, varVal2=0x0), pType=0x6bccb00*=19, plFlavor=0x6bccb04*=0) returned 0x0 [0181.725] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bccb00*=19, plFlavor=0x6bccb04*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdc8, varVal2=0x0), pType=0x6bccb00*=19, plFlavor=0x6bccb04*=0) returned 0x0 [0181.725] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.725] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.725] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.725] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bccc4c*=0, plFlavor=0x6bccc50*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="decide.exe", varVal2=0x0), pType=0x6bccc4c*=8, plFlavor=0x6bccc50*=0) returned 0x0 [0181.725] SysStringByteLen (bstr="decide.exe") returned 0x14 [0181.725] SysStringByteLen (bstr="decide.exe") returned 0x14 [0181.726] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bccc4c*=8, plFlavor=0x6bccc50*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="decide.exe", varVal2=0x0), pType=0x6bccc4c*=8, plFlavor=0x6bccc50*=0) returned 0x0 [0181.726] SysStringByteLen (bstr="decide.exe") returned 0x14 [0181.726] SysStringByteLen (bstr="decide.exe") returned 0x14 [0181.726] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.726] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.726] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.726] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bccdd0*=0, plFlavor=0x6bccdd4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Defender\\decide.exe\" ", varVal2=0x0), pType=0x6bccdd0*=8, plFlavor=0x6bccdd4*=0) returned 0x0 [0181.726] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Defender\\decide.exe\" ") returned 0x6a [0181.726] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Defender\\decide.exe\" ") returned 0x6a [0181.727] IWbemClassObject:Get (in: This=0xe31c9b0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bccdd0*=8, plFlavor=0x6bccdd4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Defender\\decide.exe\" ", varVal2=0x0), pType=0x6bccdd0*=8, plFlavor=0x6bccdd4*=0) returned 0x0 [0181.727] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Defender\\decide.exe\" ") returned 0x6a [0181.727] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Defender\\decide.exe\" ") returned 0x6a [0181.727] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.727] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe31b1c8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.728] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b1c8) returned 0x0 [0181.728] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.728] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.728] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.728] IUnknown:AddRef (This=0xe31b1c8) returned 0x3 [0181.729] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.729] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.729] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b1cc) returned 0x0 [0181.729] IMarshal:GetUnmarshalClass (in: This=0xe31b1cc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.729] IUnknown:Release (This=0xe31b1cc) returned 0x3 [0181.729] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.729] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.729] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.729] IUnknown:Release (This=0xe31b1c8) returned 0x2 [0181.729] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.729] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.729] IUnknown:QueryInterface (in: This=0xe31b1c8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b1c8) returned 0x0 [0181.730] IUnknown:AddRef (This=0xe31b1c8) returned 0x4 [0181.730] IUnknown:Release (This=0xe31b1c8) returned 0x3 [0181.730] IUnknown:Release (This=0xe31b1c8) returned 0x2 [0181.730] CoTaskMemFree (pv=0xc16518) [0181.730] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.730] IUnknown:AddRef (This=0xe31b1c8) returned 0x3 [0181.730] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.730] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.730] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"") returned 0x5e [0181.730] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"") returned 0x5e [0181.731] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.731] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.731] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.731] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.732] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0181.732] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.732] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7ff98) returned 0x0 [0181.732] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0181.732] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7ff98) returned 0x0 [0181.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.733] WbemDefPath:IUnknown:AddRef (This=0xb7ff98) returned 0x3 [0181.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.733] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321960) returned 0x0 [0181.733] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321960, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.733] WbemDefPath:IUnknown:Release (This=0xe321960) returned 0x3 [0181.733] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.734] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.734] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.734] WbemDefPath:IUnknown:Release (This=0xb7ff98) returned 0x2 [0181.734] WbemDefPath:IUnknown:Release (This=0xb7ff98) returned 0x1 [0181.734] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.734] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.734] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff98, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7ff98) returned 0x0 [0181.734] WbemDefPath:IUnknown:AddRef (This=0xb7ff98) returned 0x3 [0181.734] WbemDefPath:IUnknown:Release (This=0xb7ff98) returned 0x2 [0181.734] WbemDefPath:IWbemPath:SetText (This=0xb7ff98, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3536\"") returned 0x0 [0181.734] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.734] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.734] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.735] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.735] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.735] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.735] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcd878*=0, plFlavor=0x6bcd87c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdd0, varVal2=0x0), pType=0x6bcd878*=19, plFlavor=0x6bcd87c*=0) returned 0x0 [0181.735] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcd878*=19, plFlavor=0x6bcd87c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdd0, varVal2=0x0), pType=0x6bcd878*=19, plFlavor=0x6bcd87c*=0) returned 0x0 [0181.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.736] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.736] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.736] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcd9c4*=0, plFlavor=0x6bcd9c8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="research.exe", varVal2=0x0), pType=0x6bcd9c4*=8, plFlavor=0x6bcd9c8*=0) returned 0x0 [0181.736] SysStringByteLen (bstr="research.exe") returned 0x18 [0181.736] SysStringByteLen (bstr="research.exe") returned 0x18 [0181.736] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcd9c4*=8, plFlavor=0x6bcd9c8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="research.exe", varVal2=0x0), pType=0x6bcd9c4*=8, plFlavor=0x6bcd9c8*=0) returned 0x0 [0181.737] SysStringByteLen (bstr="research.exe") returned 0x18 [0181.737] SysStringByteLen (bstr="research.exe") returned 0x18 [0181.737] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.737] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.784] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.785] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcdb50*=0, plFlavor=0x6bcdb54*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\WindowsPowerShell\\research.exe\" ", varVal2=0x0), pType=0x6bcdb50*=8, plFlavor=0x6bcdb54*=0) returned 0x0 [0181.785] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\research.exe\" ") returned 0x64 [0181.785] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\research.exe\" ") returned 0x64 [0181.785] IWbemClassObject:Get (in: This=0xe31b1c8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcdb50*=8, plFlavor=0x6bcdb54*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\WindowsPowerShell\\research.exe\" ", varVal2=0x0), pType=0x6bcdb50*=8, plFlavor=0x6bcdb54*=0) returned 0x0 [0181.785] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\research.exe\" ") returned 0x64 [0181.785] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\research.exe\" ") returned 0x64 [0181.785] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0181.785] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe31b690, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.786] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b690) returned 0x0 [0181.786] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.786] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.786] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.787] IUnknown:AddRef (This=0xe31b690) returned 0x3 [0181.787] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.787] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.787] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b694) returned 0x0 [0181.787] IMarshal:GetUnmarshalClass (in: This=0xe31b694, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.787] IUnknown:Release (This=0xe31b694) returned 0x3 [0181.787] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.787] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.787] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.787] IUnknown:Release (This=0xe31b690) returned 0x2 [0181.787] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.787] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.787] IUnknown:QueryInterface (in: This=0xe31b690, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b690) returned 0x0 [0181.788] IUnknown:AddRef (This=0xe31b690) returned 0x4 [0181.788] IUnknown:Release (This=0xe31b690) returned 0x3 [0181.788] IUnknown:Release (This=0xe31b690) returned 0x2 [0181.788] CoTaskMemFree (pv=0xc164b8) [0181.788] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.788] IUnknown:AddRef (This=0xe31b690) returned 0x3 [0181.788] IWbemClassObject:Get (in: This=0xe31b690, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.788] IWbemClassObject:Get (in: This=0xe31b690, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.788] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"") returned 0x5e [0181.788] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"") returned 0x5e [0181.788] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.788] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.789] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.789] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.790] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0181.790] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.790] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7feb8) returned 0x0 [0181.790] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0181.790] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7feb8) returned 0x0 [0181.790] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.790] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.791] WbemDefPath:IUnknown:AddRef (This=0xb7feb8) returned 0x3 [0181.791] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.791] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.791] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321eb8) returned 0x0 [0181.791] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321eb8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.791] WbemDefPath:IUnknown:Release (This=0xe321eb8) returned 0x3 [0181.791] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.791] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.791] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.791] WbemDefPath:IUnknown:Release (This=0xb7feb8) returned 0x2 [0181.791] WbemDefPath:IUnknown:Release (This=0xb7feb8) returned 0x1 [0181.791] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.791] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.791] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7feb8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7feb8) returned 0x0 [0181.792] WbemDefPath:IUnknown:AddRef (This=0xb7feb8) returned 0x3 [0181.792] WbemDefPath:IUnknown:Release (This=0xb7feb8) returned 0x2 [0181.792] WbemDefPath:IWbemPath:SetText (This=0xb7feb8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3548\"") returned 0x0 [0181.792] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.792] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.792] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.792] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.792] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.792] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.792] IWbemClassObject:Get (in: This=0xe31b690, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bce5ec*=0, plFlavor=0x6bce5f0*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xddc, varVal2=0x0), pType=0x6bce5ec*=19, plFlavor=0x6bce5f0*=0) returned 0x0 [0181.792] IWbemClassObject:Get (in: This=0xe31b690, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bce5ec*=19, plFlavor=0x6bce5f0*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xddc, varVal2=0x0), pType=0x6bce5ec*=19, plFlavor=0x6bce5f0*=0) returned 0x0 [0181.793] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.793] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.793] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.793] IWbemClassObject:Get (in: This=0xe31b690, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bce738*=0, plFlavor=0x6bce73c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="read_task_at.exe", varVal2=0x0), pType=0x6bce738*=8, plFlavor=0x6bce73c*=0) returned 0x0 [0181.793] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0181.793] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0181.793] IWbemClassObject:Get (in: This=0xe31b690, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bce738*=8, plFlavor=0x6bce73c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="read_task_at.exe", varVal2=0x0), pType=0x6bce738*=8, plFlavor=0x6bce73c*=0) returned 0x0 [0181.794] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0181.794] SysStringByteLen (bstr="read_task_at.exe") returned 0x20 [0181.794] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.794] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.794] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.794] IWbemClassObject:Get (in: This=0xe31b690, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bce8d4*=0, plFlavor=0x6bce8d8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\read_task_at.exe\" ", varVal2=0x0), pType=0x6bce8d4*=8, plFlavor=0x6bce8d8*=0) returned 0x0 [0181.794] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\read_task_at.exe\" ") returned 0x7e [0181.794] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\read_task_at.exe\" ") returned 0x7e [0181.794] IWbemClassObject:Get (in: This=0xe31b690, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bce8d4*=8, plFlavor=0x6bce8d8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\read_task_at.exe\" ", varVal2=0x0), pType=0x6bce8d4*=8, plFlavor=0x6bce8d8*=0) returned 0x0 [0181.794] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\read_task_at.exe\" ") returned 0x7e [0181.794] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\read_task_at.exe\" ") returned 0x7e [0181.795] CoTaskMemAlloc (cb=0x4) returned 0xc16538 [0181.795] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16538, puReturned=0x6bb7a50 | out: apObjects=0xc16538*=0xe31c1b8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.879] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c1b8) returned 0x0 [0181.879] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.879] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.879] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.880] IUnknown:AddRef (This=0xe31c1b8) returned 0x3 [0181.880] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.880] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.880] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c1bc) returned 0x0 [0181.880] IMarshal:GetUnmarshalClass (in: This=0xe31c1bc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.880] IUnknown:Release (This=0xe31c1bc) returned 0x3 [0181.880] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.880] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.880] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.880] IUnknown:Release (This=0xe31c1b8) returned 0x2 [0181.881] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.881] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.881] IUnknown:QueryInterface (in: This=0xe31c1b8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c1b8) returned 0x0 [0181.881] IUnknown:AddRef (This=0xe31c1b8) returned 0x4 [0181.881] IUnknown:Release (This=0xe31c1b8) returned 0x3 [0181.881] IUnknown:Release (This=0xe31c1b8) returned 0x2 [0181.881] CoTaskMemFree (pv=0xc16538) [0181.881] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.881] IUnknown:AddRef (This=0xe31c1b8) returned 0x3 [0181.881] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.882] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.882] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"") returned 0x5e [0181.882] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"") returned 0x5e [0181.882] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.882] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.882] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.882] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.884] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0181.884] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.884] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80548) returned 0x0 [0181.884] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0181.884] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80548) returned 0x0 [0181.884] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.885] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.885] WbemDefPath:IUnknown:AddRef (This=0xb80548) returned 0x3 [0181.885] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.885] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.885] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321e58) returned 0x0 [0181.885] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321e58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.885] WbemDefPath:IUnknown:Release (This=0xe321e58) returned 0x3 [0181.885] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.885] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.886] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.886] WbemDefPath:IUnknown:Release (This=0xb80548) returned 0x2 [0181.886] WbemDefPath:IUnknown:Release (This=0xb80548) returned 0x1 [0181.886] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.886] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.886] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80548, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80548) returned 0x0 [0181.886] WbemDefPath:IUnknown:AddRef (This=0xb80548) returned 0x3 [0181.886] WbemDefPath:IUnknown:Release (This=0xb80548) returned 0x2 [0181.886] WbemDefPath:IWbemPath:SetText (This=0xb80548, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3564\"") returned 0x0 [0181.886] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.886] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.886] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.887] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.887] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.887] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.887] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcf3c4*=0, plFlavor=0x6bcf3c8*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdec, varVal2=0x0), pType=0x6bcf3c4*=19, plFlavor=0x6bcf3c8*=0) returned 0x0 [0181.887] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcf3c4*=19, plFlavor=0x6bcf3c8*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdec, varVal2=0x0), pType=0x6bcf3c4*=19, plFlavor=0x6bcf3c8*=0) returned 0x0 [0181.888] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.888] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.888] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.888] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcf510*=0, plFlavor=0x6bcf514*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="remain_reality_probably.exe", varVal2=0x0), pType=0x6bcf510*=8, plFlavor=0x6bcf514*=0) returned 0x0 [0181.888] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0181.888] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0181.888] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcf510*=8, plFlavor=0x6bcf514*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="remain_reality_probably.exe", varVal2=0x0), pType=0x6bcf510*=8, plFlavor=0x6bcf514*=0) returned 0x0 [0181.888] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0181.888] SysStringByteLen (bstr="remain_reality_probably.exe") returned 0x36 [0181.889] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.889] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.889] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.889] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcf6d4*=0, plFlavor=0x6bcf6d8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\remain_reality_probably.exe\" ", varVal2=0x0), pType=0x6bcf6d4*=8, plFlavor=0x6bcf6d8*=0) returned 0x0 [0181.889] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\remain_reality_probably.exe\" ") returned 0x82 [0181.889] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\remain_reality_probably.exe\" ") returned 0x82 [0181.889] IWbemClassObject:Get (in: This=0xe31c1b8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bcf6d4*=8, plFlavor=0x6bcf6d8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\remain_reality_probably.exe\" ", varVal2=0x0), pType=0x6bcf6d4*=8, plFlavor=0x6bcf6d8*=0) returned 0x0 [0181.889] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\remain_reality_probably.exe\" ") returned 0x82 [0181.889] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\remain_reality_probably.exe\" ") returned 0x82 [0181.889] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0181.889] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6bb7a50 | out: apObjects=0xc16468*=0xe31b4f8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.890] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b4f8) returned 0x0 [0181.890] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.891] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.891] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.891] IUnknown:AddRef (This=0xe31b4f8) returned 0x3 [0181.891] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.891] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.891] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b4fc) returned 0x0 [0181.891] IMarshal:GetUnmarshalClass (in: This=0xe31b4fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.891] IUnknown:Release (This=0xe31b4fc) returned 0x3 [0181.891] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.891] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.891] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.892] IUnknown:Release (This=0xe31b4f8) returned 0x2 [0181.892] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.892] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.892] IUnknown:QueryInterface (in: This=0xe31b4f8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b4f8) returned 0x0 [0181.892] IUnknown:AddRef (This=0xe31b4f8) returned 0x4 [0181.892] IUnknown:Release (This=0xe31b4f8) returned 0x3 [0181.892] IUnknown:Release (This=0xe31b4f8) returned 0x2 [0181.892] CoTaskMemFree (pv=0xc16468) [0181.892] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.892] IUnknown:AddRef (This=0xe31b4f8) returned 0x3 [0181.892] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.892] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.892] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"") returned 0x5e [0181.892] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"") returned 0x5e [0181.893] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.893] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.893] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.893] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.894] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16468) returned 0x0 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.895] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16468, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80158) returned 0x0 [0181.895] WbemDefPath:IUnknown:Release (This=0xc16468) returned 0x0 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80158) returned 0x0 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.895] WbemDefPath:IUnknown:AddRef (This=0xb80158) returned 0x3 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321ee8) returned 0x0 [0181.896] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321ee8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.896] WbemDefPath:IUnknown:Release (This=0xe321ee8) returned 0x3 [0181.896] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.896] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.896] WbemDefPath:IUnknown:Release (This=0xb80158) returned 0x2 [0181.896] WbemDefPath:IUnknown:Release (This=0xb80158) returned 0x1 [0181.896] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.896] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80158, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80158) returned 0x0 [0181.896] WbemDefPath:IUnknown:AddRef (This=0xb80158) returned 0x3 [0181.896] WbemDefPath:IUnknown:Release (This=0xb80158) returned 0x2 [0181.897] WbemDefPath:IWbemPath:SetText (This=0xb80158, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3576\"") returned 0x0 [0181.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.897] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.897] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.897] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.897] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.897] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd01e4*=0, plFlavor=0x6bd01e8*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdf8, varVal2=0x0), pType=0x6bd01e4*=19, plFlavor=0x6bd01e8*=0) returned 0x0 [0181.897] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd01e4*=19, plFlavor=0x6bd01e8*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xdf8, varVal2=0x0), pType=0x6bd01e4*=19, plFlavor=0x6bd01e8*=0) returned 0x0 [0181.898] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.898] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.898] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.898] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd0330*=0, plFlavor=0x6bd0334*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="they_option_approach.exe", varVal2=0x0), pType=0x6bd0330*=8, plFlavor=0x6bd0334*=0) returned 0x0 [0181.898] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0181.898] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0181.898] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd0330*=8, plFlavor=0x6bd0334*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="they_option_approach.exe", varVal2=0x0), pType=0x6bd0330*=8, plFlavor=0x6bd0334*=0) returned 0x0 [0181.898] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0181.898] SysStringByteLen (bstr="they_option_approach.exe") returned 0x30 [0181.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.899] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd04ec*=0, plFlavor=0x6bd04f0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\they_option_approach.exe\" ", varVal2=0x0), pType=0x6bd04ec*=8, plFlavor=0x6bd04f0*=0) returned 0x0 [0181.899] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\they_option_approach.exe\" ") returned 0x80 [0181.899] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\they_option_approach.exe\" ") returned 0x80 [0181.899] IWbemClassObject:Get (in: This=0xe31b4f8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd04ec*=8, plFlavor=0x6bd04f0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\they_option_approach.exe\" ", varVal2=0x0), pType=0x6bd04ec*=8, plFlavor=0x6bd04f0*=0) returned 0x0 [0181.899] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\they_option_approach.exe\" ") returned 0x80 [0181.899] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\they_option_approach.exe\" ") returned 0x80 [0181.900] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0181.900] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0xe31ae98, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.942] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31ae98) returned 0x0 [0181.942] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.942] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.942] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.943] IUnknown:AddRef (This=0xe31ae98) returned 0x3 [0181.943] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.943] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.943] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31ae9c) returned 0x0 [0181.943] IMarshal:GetUnmarshalClass (in: This=0xe31ae9c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.943] IUnknown:Release (This=0xe31ae9c) returned 0x3 [0181.943] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.943] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.943] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.944] IUnknown:Release (This=0xe31ae98) returned 0x2 [0181.944] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.944] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.944] IUnknown:QueryInterface (in: This=0xe31ae98, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31ae98) returned 0x0 [0181.944] IUnknown:AddRef (This=0xe31ae98) returned 0x4 [0181.944] IUnknown:Release (This=0xe31ae98) returned 0x3 [0181.944] IUnknown:Release (This=0xe31ae98) returned 0x2 [0181.944] CoTaskMemFree (pv=0xc16488) [0181.944] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.944] IUnknown:AddRef (This=0xe31ae98) returned 0x3 [0181.944] IWbemClassObject:Get (in: This=0xe31ae98, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.944] IWbemClassObject:Get (in: This=0xe31ae98, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.945] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"") returned 0x5e [0181.945] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"") returned 0x5e [0181.945] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.945] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.945] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.945] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.946] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.947] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80008) returned 0x0 [0181.947] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80008) returned 0x0 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.947] WbemDefPath:IUnknown:AddRef (This=0xb80008) returned 0x3 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.947] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe322140) returned 0x0 [0181.947] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe322140, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.948] WbemDefPath:IUnknown:Release (This=0xe322140) returned 0x3 [0181.948] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.948] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.948] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.948] WbemDefPath:IUnknown:Release (This=0xb80008) returned 0x2 [0181.948] WbemDefPath:IUnknown:Release (This=0xb80008) returned 0x1 [0181.948] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.948] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.948] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80008, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80008) returned 0x0 [0181.948] WbemDefPath:IUnknown:AddRef (This=0xb80008) returned 0x3 [0181.948] WbemDefPath:IUnknown:Release (This=0xb80008) returned 0x2 [0181.948] WbemDefPath:IWbemPath:SetText (This=0xb80008, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3588\"") returned 0x0 [0181.948] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.949] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.949] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.949] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.949] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.949] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.949] IWbemClassObject:Get (in: This=0xe31ae98, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd0ff4*=0, plFlavor=0x6bd0ff8*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe04, varVal2=0x0), pType=0x6bd0ff4*=19, plFlavor=0x6bd0ff8*=0) returned 0x0 [0181.949] IWbemClassObject:Get (in: This=0xe31ae98, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd0ff4*=19, plFlavor=0x6bd0ff8*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe04, varVal2=0x0), pType=0x6bd0ff4*=19, plFlavor=0x6bd0ff8*=0) returned 0x0 [0181.950] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.950] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.950] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.950] IWbemClassObject:Get (in: This=0xe31ae98, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd1140*=0, plFlavor=0x6bd1144*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="practice.exe", varVal2=0x0), pType=0x6bd1140*=8, plFlavor=0x6bd1144*=0) returned 0x0 [0181.950] SysStringByteLen (bstr="practice.exe") returned 0x18 [0181.950] SysStringByteLen (bstr="practice.exe") returned 0x18 [0181.950] IWbemClassObject:Get (in: This=0xe31ae98, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd1140*=8, plFlavor=0x6bd1144*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="practice.exe", varVal2=0x0), pType=0x6bd1140*=8, plFlavor=0x6bd1144*=0) returned 0x0 [0181.950] SysStringByteLen (bstr="practice.exe") returned 0x18 [0181.950] SysStringByteLen (bstr="practice.exe") returned 0x18 [0181.951] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.951] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.951] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.951] IWbemClassObject:Get (in: This=0xe31ae98, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd12cc*=0, plFlavor=0x6bd12d0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\practice.exe\" ", varVal2=0x0), pType=0x6bd12cc*=8, plFlavor=0x6bd12d0*=0) returned 0x0 [0181.951] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\practice.exe\" ") returned 0x72 [0181.951] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\practice.exe\" ") returned 0x72 [0181.951] IWbemClassObject:Get (in: This=0xe31ae98, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd12cc*=8, plFlavor=0x6bd12d0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\practice.exe\" ", varVal2=0x0), pType=0x6bd12cc*=8, plFlavor=0x6bd12d0*=0) returned 0x0 [0181.951] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\practice.exe\" ") returned 0x72 [0181.951] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\practice.exe\" ") returned 0x72 [0181.951] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.951] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe31c350, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.952] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c350) returned 0x0 [0181.952] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.953] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.953] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.953] IUnknown:AddRef (This=0xe31c350) returned 0x3 [0181.953] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.953] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.953] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c354) returned 0x0 [0181.953] IMarshal:GetUnmarshalClass (in: This=0xe31c354, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.953] IUnknown:Release (This=0xe31c354) returned 0x3 [0181.953] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.953] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.954] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.954] IUnknown:Release (This=0xe31c350) returned 0x2 [0181.954] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.954] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.954] IUnknown:QueryInterface (in: This=0xe31c350, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c350) returned 0x0 [0181.954] IUnknown:AddRef (This=0xe31c350) returned 0x4 [0181.954] IUnknown:Release (This=0xe31c350) returned 0x3 [0181.954] IUnknown:Release (This=0xe31c350) returned 0x2 [0181.954] CoTaskMemFree (pv=0xc16518) [0181.954] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.954] IUnknown:AddRef (This=0xe31c350) returned 0x3 [0181.954] IWbemClassObject:Get (in: This=0xe31c350, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.954] IWbemClassObject:Get (in: This=0xe31c350, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.954] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"") returned 0x5e [0181.954] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"") returned 0x5e [0181.955] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.955] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.955] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.955] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.956] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0181.956] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.956] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fc88) returned 0x0 [0181.956] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0181.956] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fc88) returned 0x0 [0181.957] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.957] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.957] WbemDefPath:IUnknown:AddRef (This=0xb7fc88) returned 0x3 [0181.957] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.957] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.958] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe322338) returned 0x0 [0181.958] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe322338, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.958] WbemDefPath:IUnknown:Release (This=0xe322338) returned 0x3 [0181.958] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.958] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.958] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.958] WbemDefPath:IUnknown:Release (This=0xb7fc88) returned 0x2 [0181.958] WbemDefPath:IUnknown:Release (This=0xb7fc88) returned 0x1 [0181.958] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.958] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.958] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fc88, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fc88) returned 0x0 [0181.958] WbemDefPath:IUnknown:AddRef (This=0xb7fc88) returned 0x3 [0181.959] WbemDefPath:IUnknown:Release (This=0xb7fc88) returned 0x2 [0181.959] WbemDefPath:IWbemPath:SetText (This=0xb7fc88, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3608\"") returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.959] IWbemClassObject:Get (in: This=0xe31c350, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd1d90*=0, plFlavor=0x6bd1d94*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe18, varVal2=0x0), pType=0x6bd1d90*=19, plFlavor=0x6bd1d94*=0) returned 0x0 [0181.959] IWbemClassObject:Get (in: This=0xe31c350, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd1d90*=19, plFlavor=0x6bd1d94*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe18, varVal2=0x0), pType=0x6bd1d90*=19, plFlavor=0x6bd1d94*=0) returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.959] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.960] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.960] IWbemClassObject:Get (in: This=0xe31c350, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd1edc*=0, plFlavor=0x6bd1ee0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x6bd1edc*=8, plFlavor=0x6bd1ee0*=0) returned 0x0 [0181.960] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0181.960] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0181.960] IWbemClassObject:Get (in: This=0xe31c350, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd1edc*=8, plFlavor=0x6bd1ee0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x6bd1edc*=8, plFlavor=0x6bd1ee0*=0) returned 0x0 [0181.960] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0181.960] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0181.960] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.960] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.960] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.960] IWbemClassObject:Get (in: This=0xe31c350, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2058*=0, plFlavor=0x6bd205c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\3dftp.exe\" ", varVal2=0x0), pType=0x6bd2058*=8, plFlavor=0x6bd205c*=0) returned 0x0 [0181.960] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\3dftp.exe\" ") returned 0x68 [0181.960] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\3dftp.exe\" ") returned 0x68 [0181.961] IWbemClassObject:Get (in: This=0xe31c350, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2058*=8, plFlavor=0x6bd205c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\3dftp.exe\" ", varVal2=0x0), pType=0x6bd2058*=8, plFlavor=0x6bd205c*=0) returned 0x0 [0181.961] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\3dftp.exe\" ") returned 0x68 [0181.961] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\3dftp.exe\" ") returned 0x68 [0181.961] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0181.961] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe31b360, puReturned=0x6bb7a50*=0x1) returned 0x0 [0181.962] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b360) returned 0x0 [0181.962] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0181.962] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0181.962] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0181.962] IUnknown:AddRef (This=0xe31b360) returned 0x3 [0181.962] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0181.962] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0181.963] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b364) returned 0x0 [0181.963] IMarshal:GetUnmarshalClass (in: This=0xe31b364, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0181.963] IUnknown:Release (This=0xe31b364) returned 0x3 [0181.963] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0181.963] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0181.963] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0181.963] IUnknown:Release (This=0xe31b360) returned 0x2 [0181.963] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0181.963] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0181.963] IUnknown:QueryInterface (in: This=0xe31b360, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b360) returned 0x0 [0181.963] IUnknown:AddRef (This=0xe31b360) returned 0x4 [0181.963] IUnknown:Release (This=0xe31b360) returned 0x3 [0181.963] IUnknown:Release (This=0xe31b360) returned 0x2 [0181.963] CoTaskMemFree (pv=0xc16518) [0181.963] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0181.963] IUnknown:AddRef (This=0xe31b360) returned 0x3 [0181.964] IWbemClassObject:Get (in: This=0xe31b360, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0181.964] IWbemClassObject:Get (in: This=0xe31b360, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0181.964] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"") returned 0x5e [0181.964] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"") returned 0x5e [0181.964] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0181.964] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0181.964] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0181.964] IUnknown:Release (This=0xb71a3c) returned 0x1 [0181.965] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16398) returned 0x0 [0181.965] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16398, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0181.965] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16398, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb801c8) returned 0x0 [0181.966] WbemDefPath:IUnknown:Release (This=0xc16398) returned 0x0 [0181.966] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb801c8) returned 0x0 [0181.966] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0181.966] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0181.966] WbemDefPath:IUnknown:AddRef (This=0xb801c8) returned 0x3 [0181.966] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0181.966] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0181.966] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3203e8) returned 0x0 [0181.966] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3203e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.966] WbemDefPath:IUnknown:Release (This=0xe3203e8) returned 0x3 [0181.966] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0181.966] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0181.967] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0181.967] WbemDefPath:IUnknown:Release (This=0xb801c8) returned 0x2 [0181.967] WbemDefPath:IUnknown:Release (This=0xb801c8) returned 0x1 [0181.967] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0181.967] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0181.967] WbemDefPath:IUnknown:QueryInterface (in: This=0xb801c8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb801c8) returned 0x0 [0181.967] WbemDefPath:IUnknown:AddRef (This=0xb801c8) returned 0x3 [0181.967] WbemDefPath:IUnknown:Release (This=0xb801c8) returned 0x2 [0181.967] WbemDefPath:IWbemPath:SetText (This=0xb801c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3616\"") returned 0x0 [0181.967] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0181.967] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0181.967] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.967] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.967] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.967] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.968] IWbemClassObject:Get (in: This=0xe31b360, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2afc*=0, plFlavor=0x6bd2b00*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe20, varVal2=0x0), pType=0x6bd2afc*=19, plFlavor=0x6bd2b00*=0) returned 0x0 [0181.968] IWbemClassObject:Get (in: This=0xe31b360, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2afc*=19, plFlavor=0x6bd2b00*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe20, varVal2=0x0), pType=0x6bd2afc*=19, plFlavor=0x6bd2b00*=0) returned 0x0 [0181.968] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.968] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.968] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.968] IWbemClassObject:Get (in: This=0xe31b360, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2c48*=0, plFlavor=0x6bd2c4c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x6bd2c48*=8, plFlavor=0x6bd2c4c*=0) returned 0x0 [0181.968] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0181.968] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0181.968] IWbemClassObject:Get (in: This=0xe31b360, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2c48*=8, plFlavor=0x6bd2c4c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x6bd2c48*=8, plFlavor=0x6bd2c4c*=0) returned 0x0 [0181.968] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0181.968] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0181.969] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0181.969] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0181.969] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.969] IWbemClassObject:Get (in: This=0xe31b360, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2dec*=0, plFlavor=0x6bd2df0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Media Player\\absolutetelnet.exe\" ", varVal2=0x0), pType=0x6bd2dec*=8, plFlavor=0x6bd2df0*=0) returned 0x0 [0181.969] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\absolutetelnet.exe\" ") returned 0x76 [0181.969] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\absolutetelnet.exe\" ") returned 0x76 [0181.969] IWbemClassObject:Get (in: This=0xe31b360, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd2dec*=8, plFlavor=0x6bd2df0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Media Player\\absolutetelnet.exe\" ", varVal2=0x0), pType=0x6bd2dec*=8, plFlavor=0x6bd2df0*=0) returned 0x0 [0181.969] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\absolutetelnet.exe\" ") returned 0x76 [0181.969] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\absolutetelnet.exe\" ") returned 0x76 [0181.969] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0181.969] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe31cb48, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.066] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31cb48) returned 0x0 [0182.066] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.066] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.066] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.067] IUnknown:AddRef (This=0xe31cb48) returned 0x3 [0182.067] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.067] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.067] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31cb4c) returned 0x0 [0182.067] IMarshal:GetUnmarshalClass (in: This=0xe31cb4c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.067] IUnknown:Release (This=0xe31cb4c) returned 0x3 [0182.067] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.067] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.067] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.067] IUnknown:Release (This=0xe31cb48) returned 0x2 [0182.068] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.068] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.068] IUnknown:QueryInterface (in: This=0xe31cb48, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31cb48) returned 0x0 [0182.068] IUnknown:AddRef (This=0xe31cb48) returned 0x4 [0182.068] IUnknown:Release (This=0xe31cb48) returned 0x3 [0182.068] IUnknown:Release (This=0xe31cb48) returned 0x2 [0182.068] CoTaskMemFree (pv=0xc164b8) [0182.068] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.068] IUnknown:AddRef (This=0xe31cb48) returned 0x3 [0182.068] IWbemClassObject:Get (in: This=0xe31cb48, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.068] IWbemClassObject:Get (in: This=0xe31cb48, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.068] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"") returned 0x5e [0182.069] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"") returned 0x5e [0182.069] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.069] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.069] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.069] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.070] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0182.070] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.071] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7f7b8) returned 0x0 [0182.071] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0182.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7f7b8) returned 0x0 [0182.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.071] WbemDefPath:IUnknown:AddRef (This=0xb7f7b8) returned 0x3 [0182.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe320670) returned 0x0 [0182.071] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320670, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.071] WbemDefPath:IUnknown:Release (This=0xe320670) returned 0x3 [0182.072] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.072] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0182.072] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.072] WbemDefPath:IUnknown:Release (This=0xb7f7b8) returned 0x2 [0182.072] WbemDefPath:IUnknown:Release (This=0xb7f7b8) returned 0x1 [0182.072] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0182.072] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0182.072] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7f7b8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7f7b8) returned 0x0 [0182.072] WbemDefPath:IUnknown:AddRef (This=0xb7f7b8) returned 0x3 [0182.072] WbemDefPath:IUnknown:Release (This=0xb7f7b8) returned 0x2 [0182.072] WbemDefPath:IWbemPath:SetText (This=0xb7f7b8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3628\"") returned 0x0 [0182.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.072] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.073] IWbemClassObject:Get (in: This=0xe31cb48, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd38c8*=0, plFlavor=0x6bd38cc*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe2c, varVal2=0x0), pType=0x6bd38c8*=19, plFlavor=0x6bd38cc*=0) returned 0x0 [0182.073] IWbemClassObject:Get (in: This=0xe31cb48, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd38c8*=19, plFlavor=0x6bd38cc*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe2c, varVal2=0x0), pType=0x6bd38c8*=19, plFlavor=0x6bd38cc*=0) returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.073] IWbemClassObject:Get (in: This=0xe31cb48, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd3a14*=0, plFlavor=0x6bd3a18*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x6bd3a14*=8, plFlavor=0x6bd3a18*=0) returned 0x0 [0182.074] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0182.074] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0182.074] IWbemClassObject:Get (in: This=0xe31cb48, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd3a14*=8, plFlavor=0x6bd3a18*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x6bd3a14*=8, plFlavor=0x6bd3a18*=0) returned 0x0 [0182.074] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0182.074] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0182.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.074] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.074] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.074] IWbemClassObject:Get (in: This=0xe31cb48, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd3b90*=0, plFlavor=0x6bd3b94*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows NT\\alftp.exe\" ", varVal2=0x0), pType=0x6bd3b90*=8, plFlavor=0x6bd3b94*=0) returned 0x0 [0182.074] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\alftp.exe\" ") returned 0x5c [0182.074] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\alftp.exe\" ") returned 0x5c [0182.074] IWbemClassObject:Get (in: This=0xe31cb48, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd3b90*=8, plFlavor=0x6bd3b94*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows NT\\alftp.exe\" ", varVal2=0x0), pType=0x6bd3b90*=8, plFlavor=0x6bd3b94*=0) returned 0x0 [0182.074] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\alftp.exe\" ") returned 0x5c [0182.075] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\alftp.exe\" ") returned 0x5c [0182.075] CoTaskMemAlloc (cb=0x4) returned 0xc16538 [0182.075] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16538, puReturned=0x6bb7a50 | out: apObjects=0xc16538*=0xe31b030, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.076] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b030) returned 0x0 [0182.076] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.076] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.076] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.076] IUnknown:AddRef (This=0xe31b030) returned 0x3 [0182.076] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.077] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.077] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b034) returned 0x0 [0182.077] IMarshal:GetUnmarshalClass (in: This=0xe31b034, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.077] IUnknown:Release (This=0xe31b034) returned 0x3 [0182.077] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.077] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.077] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.077] IUnknown:Release (This=0xe31b030) returned 0x2 [0182.077] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.077] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.077] IUnknown:QueryInterface (in: This=0xe31b030, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b030) returned 0x0 [0182.077] IUnknown:AddRef (This=0xe31b030) returned 0x4 [0182.077] IUnknown:Release (This=0xe31b030) returned 0x3 [0182.077] IUnknown:Release (This=0xe31b030) returned 0x2 [0182.077] CoTaskMemFree (pv=0xc16538) [0182.078] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.078] IUnknown:AddRef (This=0xe31b030) returned 0x3 [0182.078] IWbemClassObject:Get (in: This=0xe31b030, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.078] IWbemClassObject:Get (in: This=0xe31b030, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.078] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"") returned 0x5e [0182.078] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"") returned 0x5e [0182.078] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.078] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.078] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.078] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.079] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0182.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.080] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fba8) returned 0x0 [0182.080] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0182.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fba8) returned 0x0 [0182.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.080] WbemDefPath:IUnknown:AddRef (This=0xb7fba8) returned 0x3 [0182.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.081] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3206d0) returned 0x0 [0182.081] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3206d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.081] WbemDefPath:IUnknown:Release (This=0xe3206d0) returned 0x3 [0182.081] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.081] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0182.081] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.081] WbemDefPath:IUnknown:Release (This=0xb7fba8) returned 0x2 [0182.081] WbemDefPath:IUnknown:Release (This=0xb7fba8) returned 0x1 [0182.082] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0182.082] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0182.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fba8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fba8) returned 0x0 [0182.082] WbemDefPath:IUnknown:AddRef (This=0xb7fba8) returned 0x3 [0182.082] WbemDefPath:IUnknown:Release (This=0xb7fba8) returned 0x2 [0182.082] WbemDefPath:IWbemPath:SetText (This=0xb7fba8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3644\"") returned 0x0 [0182.082] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.082] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.082] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.082] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.082] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.082] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.082] IWbemClassObject:Get (in: This=0xe31b030, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd471c*=0, plFlavor=0x6bd4720*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe3c, varVal2=0x0), pType=0x6bd471c*=19, plFlavor=0x6bd4720*=0) returned 0x0 [0182.082] IWbemClassObject:Get (in: This=0xe31b030, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd471c*=19, plFlavor=0x6bd4720*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe3c, varVal2=0x0), pType=0x6bd471c*=19, plFlavor=0x6bd4720*=0) returned 0x0 [0182.083] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.083] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.083] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.083] IWbemClassObject:Get (in: This=0xe31b030, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd4868*=0, plFlavor=0x6bd486c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x6bd4868*=8, plFlavor=0x6bd486c*=0) returned 0x0 [0182.083] SysStringByteLen (bstr="barca.exe") returned 0x12 [0182.083] SysStringByteLen (bstr="barca.exe") returned 0x12 [0182.083] IWbemClassObject:Get (in: This=0xe31b030, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd4868*=8, plFlavor=0x6bd486c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x6bd4868*=8, plFlavor=0x6bd486c*=0) returned 0x0 [0182.083] SysStringByteLen (bstr="barca.exe") returned 0x12 [0182.083] SysStringByteLen (bstr="barca.exe") returned 0x12 [0182.084] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.084] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.084] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.084] IWbemClassObject:Get (in: This=0xe31b030, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd49e4*=0, plFlavor=0x6bd49e8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\barca.exe\" ", varVal2=0x0), pType=0x6bd49e4*=8, plFlavor=0x6bd49e8*=0) returned 0x0 [0182.084] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\barca.exe\" ") returned 0x68 [0182.084] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\barca.exe\" ") returned 0x68 [0182.084] IWbemClassObject:Get (in: This=0xe31b030, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd49e4*=8, plFlavor=0x6bd49e8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\barca.exe\" ", varVal2=0x0), pType=0x6bd49e4*=8, plFlavor=0x6bd49e8*=0) returned 0x0 [0182.084] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\barca.exe\" ") returned 0x68 [0182.084] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft Office\\barca.exe\" ") returned 0x68 [0182.084] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0182.084] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6bb7a50 | out: apObjects=0xc16468*=0xe31c4e8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.085] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c4e8) returned 0x0 [0182.085] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.086] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.086] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.086] IUnknown:AddRef (This=0xe31c4e8) returned 0x3 [0182.086] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.086] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.086] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c4ec) returned 0x0 [0182.086] IMarshal:GetUnmarshalClass (in: This=0xe31c4ec, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.086] IUnknown:Release (This=0xe31c4ec) returned 0x3 [0182.086] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.086] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.087] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.087] IUnknown:Release (This=0xe31c4e8) returned 0x2 [0182.087] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.087] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.087] IUnknown:QueryInterface (in: This=0xe31c4e8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c4e8) returned 0x0 [0182.087] IUnknown:AddRef (This=0xe31c4e8) returned 0x4 [0182.087] IUnknown:Release (This=0xe31c4e8) returned 0x3 [0182.087] IUnknown:Release (This=0xe31c4e8) returned 0x2 [0182.087] CoTaskMemFree (pv=0xc16468) [0182.087] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.087] IUnknown:AddRef (This=0xe31c4e8) returned 0x3 [0182.087] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.088] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.088] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"") returned 0x5e [0182.088] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"") returned 0x5e [0182.088] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.088] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.088] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.088] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.089] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163f8) returned 0x0 [0182.089] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.089] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fdd8) returned 0x0 [0182.090] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0182.090] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fdd8) returned 0x0 [0182.090] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.090] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.090] WbemDefPath:IUnknown:AddRef (This=0xb7fdd8) returned 0x3 [0182.090] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.090] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.090] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe320778) returned 0x0 [0182.090] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320778, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.090] WbemDefPath:IUnknown:Release (This=0xe320778) returned 0x3 [0182.090] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.090] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0182.091] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.091] WbemDefPath:IUnknown:Release (This=0xb7fdd8) returned 0x2 [0182.091] WbemDefPath:IUnknown:Release (This=0xb7fdd8) returned 0x1 [0182.091] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0182.091] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0182.091] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fdd8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fdd8) returned 0x0 [0182.091] WbemDefPath:IUnknown:AddRef (This=0xb7fdd8) returned 0x3 [0182.091] WbemDefPath:IUnknown:Release (This=0xb7fdd8) returned 0x2 [0182.091] WbemDefPath:IWbemPath:SetText (This=0xb7fdd8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3656\"") returned 0x0 [0182.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.091] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.091] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.091] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.091] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.091] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd5488*=0, plFlavor=0x6bd548c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe48, varVal2=0x0), pType=0x6bd5488*=19, plFlavor=0x6bd548c*=0) returned 0x0 [0182.092] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd5488*=19, plFlavor=0x6bd548c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe48, varVal2=0x0), pType=0x6bd5488*=19, plFlavor=0x6bd548c*=0) returned 0x0 [0182.092] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.092] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.092] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.092] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd55d4*=0, plFlavor=0x6bd55d8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x6bd55d4*=8, plFlavor=0x6bd55d8*=0) returned 0x0 [0182.092] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0182.092] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0182.092] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd55d4*=8, plFlavor=0x6bd55d8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x6bd55d4*=8, plFlavor=0x6bd55d8*=0) returned 0x0 [0182.092] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0182.092] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0182.093] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.093] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.093] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.093] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd5760*=0, plFlavor=0x6bd5764*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\bitkinex.exe\" ", varVal2=0x0), pType=0x6bd5760*=8, plFlavor=0x6bd5764*=0) returned 0x0 [0182.093] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\bitkinex.exe\" ") returned 0x68 [0182.093] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\bitkinex.exe\" ") returned 0x68 [0182.093] IWbemClassObject:Get (in: This=0xe31c4e8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd5760*=8, plFlavor=0x6bd5764*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\bitkinex.exe\" ", varVal2=0x0), pType=0x6bd5760*=8, plFlavor=0x6bd5764*=0) returned 0x0 [0182.093] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\bitkinex.exe\" ") returned 0x68 [0182.093] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\bitkinex.exe\" ") returned 0x68 [0182.093] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0182.093] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe31b828, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.094] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b828) returned 0x0 [0182.094] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.094] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.095] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.095] IUnknown:AddRef (This=0xe31b828) returned 0x3 [0182.095] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.095] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.095] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b82c) returned 0x0 [0182.095] IMarshal:GetUnmarshalClass (in: This=0xe31b82c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.095] IUnknown:Release (This=0xe31b82c) returned 0x3 [0182.095] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.095] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.095] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.096] IUnknown:Release (This=0xe31b828) returned 0x2 [0182.096] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.096] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.096] IUnknown:QueryInterface (in: This=0xe31b828, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b828) returned 0x0 [0182.096] IUnknown:AddRef (This=0xe31b828) returned 0x4 [0182.096] IUnknown:Release (This=0xe31b828) returned 0x3 [0182.096] IUnknown:Release (This=0xe31b828) returned 0x2 [0182.096] CoTaskMemFree (pv=0xc164b8) [0182.096] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.096] IUnknown:AddRef (This=0xe31b828) returned 0x3 [0182.096] IWbemClassObject:Get (in: This=0xe31b828, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.096] IWbemClassObject:Get (in: This=0xe31b828, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.096] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x5e [0182.097] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x5e [0182.097] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.097] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.097] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.097] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.099] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0182.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.099] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fa58) returned 0x0 [0182.099] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0182.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fa58) returned 0x0 [0182.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.099] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.100] WbemDefPath:IUnknown:AddRef (This=0xb7fa58) returned 0x3 [0182.100] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.100] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.100] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3209e8) returned 0x0 [0182.100] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3209e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.100] WbemDefPath:IUnknown:Release (This=0xe3209e8) returned 0x3 [0182.100] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.101] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0182.101] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.101] WbemDefPath:IUnknown:Release (This=0xb7fa58) returned 0x2 [0182.101] WbemDefPath:IUnknown:Release (This=0xb7fa58) returned 0x1 [0182.101] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0182.101] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0182.101] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fa58, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fa58) returned 0x0 [0182.101] WbemDefPath:IUnknown:AddRef (This=0xb7fa58) returned 0x3 [0182.101] WbemDefPath:IUnknown:Release (This=0xb7fa58) returned 0x2 [0182.101] WbemDefPath:IWbemPath:SetText (This=0xb7fa58, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x0 [0182.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.101] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.101] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.102] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.102] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.102] IWbemClassObject:Get (in: This=0xe31b828, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd6208*=0, plFlavor=0x6bd620c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe50, varVal2=0x0), pType=0x6bd6208*=19, plFlavor=0x6bd620c*=0) returned 0x0 [0182.102] IWbemClassObject:Get (in: This=0xe31b828, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd6208*=19, plFlavor=0x6bd620c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe50, varVal2=0x0), pType=0x6bd6208*=19, plFlavor=0x6bd620c*=0) returned 0x0 [0182.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.102] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.102] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.102] IWbemClassObject:Get (in: This=0xe31b828, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd6354*=0, plFlavor=0x6bd6358*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x6bd6354*=8, plFlavor=0x6bd6358*=0) returned 0x0 [0182.102] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0182.103] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0182.103] IWbemClassObject:Get (in: This=0xe31b828, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd6354*=8, plFlavor=0x6bd6358*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x6bd6354*=8, plFlavor=0x6bd6358*=0) returned 0x0 [0182.103] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0182.103] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0182.103] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.103] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.103] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.103] IWbemClassObject:Get (in: This=0xe31b828, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd64d8*=0, plFlavor=0x6bd64dc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft SQL Server\\coreftp.exe\" ", varVal2=0x0), pType=0x6bd64d8*=8, plFlavor=0x6bd64dc*=0) returned 0x0 [0182.103] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft SQL Server\\coreftp.exe\" ") returned 0x74 [0182.103] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft SQL Server\\coreftp.exe\" ") returned 0x74 [0182.103] IWbemClassObject:Get (in: This=0xe31b828, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd64d8*=8, plFlavor=0x6bd64dc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft SQL Server\\coreftp.exe\" ", varVal2=0x0), pType=0x6bd64d8*=8, plFlavor=0x6bd64dc*=0) returned 0x0 [0182.104] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft SQL Server\\coreftp.exe\" ") returned 0x74 [0182.104] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0182.104] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6bb7a50 | out: apObjects=0xc16418*=0xe31b9c0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.145] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31b9c0) returned 0x0 [0182.145] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.145] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.145] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.146] IUnknown:AddRef (This=0xe31b9c0) returned 0x3 [0182.146] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.146] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.146] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31b9c4) returned 0x0 [0182.146] IMarshal:GetUnmarshalClass (in: This=0xe31b9c4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.146] IUnknown:Release (This=0xe31b9c4) returned 0x3 [0182.146] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.146] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.146] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.146] IUnknown:Release (This=0xe31b9c0) returned 0x2 [0182.147] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.147] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.147] IUnknown:QueryInterface (in: This=0xe31b9c0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31b9c0) returned 0x0 [0182.147] IUnknown:AddRef (This=0xe31b9c0) returned 0x4 [0182.147] IUnknown:Release (This=0xe31b9c0) returned 0x3 [0182.147] IUnknown:Release (This=0xe31b9c0) returned 0x2 [0182.147] CoTaskMemFree (pv=0xc16418) [0182.147] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.147] IUnknown:AddRef (This=0xe31b9c0) returned 0x3 [0182.147] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.147] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3680\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.148] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.148] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.148] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.148] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.149] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0182.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.149] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fb38) returned 0x0 [0182.150] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0182.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fb38) returned 0x0 [0182.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.150] WbemDefPath:IUnknown:AddRef (This=0xb7fb38) returned 0x3 [0182.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.150] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe320c88) returned 0x0 [0182.150] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320c88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.150] WbemDefPath:IUnknown:Release (This=0xe320c88) returned 0x3 [0182.150] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.151] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0182.151] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.151] WbemDefPath:IUnknown:Release (This=0xb7fb38) returned 0x2 [0182.151] WbemDefPath:IUnknown:Release (This=0xb7fb38) returned 0x1 [0182.151] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0182.151] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0182.151] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fb38, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fb38) returned 0x0 [0182.151] WbemDefPath:IUnknown:AddRef (This=0xb7fb38) returned 0x3 [0182.151] WbemDefPath:IUnknown:Release (This=0xb7fb38) returned 0x2 [0182.151] WbemDefPath:IWbemPath:SetText (This=0xb7fb38, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3680\"") returned 0x0 [0182.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.152] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.152] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd6fa4*=0, plFlavor=0x6bd6fa8*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe60, varVal2=0x0), pType=0x6bd6fa4*=19, plFlavor=0x6bd6fa8*=0) returned 0x0 [0182.152] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd6fa4*=19, plFlavor=0x6bd6fa8*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe60, varVal2=0x0), pType=0x6bd6fa4*=19, plFlavor=0x6bd6fa8*=0) returned 0x0 [0182.152] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.152] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.152] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.152] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd70f0*=0, plFlavor=0x6bd70f4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x6bd70f0*=8, plFlavor=0x6bd70f4*=0) returned 0x0 [0182.152] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd70f0*=8, plFlavor=0x6bd70f4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x6bd70f0*=8, plFlavor=0x6bd70f4*=0) returned 0x0 [0182.152] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.153] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.153] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.153] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7264*=0, plFlavor=0x6bd7268*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\far.exe\" ", varVal2=0x0), pType=0x6bd7264*=8, plFlavor=0x6bd7268*=0) returned 0x0 [0182.153] IWbemClassObject:Get (in: This=0xe31b9c0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7264*=8, plFlavor=0x6bd7268*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\far.exe\" ", varVal2=0x0), pType=0x6bd7264*=8, plFlavor=0x6bd7268*=0) returned 0x0 [0182.153] CoTaskMemAlloc (cb=0x4) returned 0xc16398 [0182.153] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16398, puReturned=0x6bb7a50 | out: apObjects=0xc16398*=0xe31c680, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.154] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c680) returned 0x0 [0182.154] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.154] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.154] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.155] IUnknown:AddRef (This=0xe31c680) returned 0x3 [0182.155] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.155] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.155] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c684) returned 0x0 [0182.155] IMarshal:GetUnmarshalClass (in: This=0xe31c684, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.155] IUnknown:Release (This=0xe31c684) returned 0x3 [0182.155] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.155] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.155] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.155] IUnknown:Release (This=0xe31c680) returned 0x2 [0182.155] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.155] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.155] IUnknown:QueryInterface (in: This=0xe31c680, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c680) returned 0x0 [0182.156] IUnknown:AddRef (This=0xe31c680) returned 0x4 [0182.156] IUnknown:Release (This=0xe31c680) returned 0x3 [0182.156] IUnknown:Release (This=0xe31c680) returned 0x2 [0182.156] CoTaskMemFree (pv=0xc16398) [0182.156] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.156] IUnknown:AddRef (This=0xe31c680) returned 0x3 [0182.156] IWbemClassObject:Get (in: This=0xe31c680, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.156] IWbemClassObject:Get (in: This=0xe31c680, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3696\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.156] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.156] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.157] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.157] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.158] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16408) returned 0x0 [0182.158] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16408, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.158] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16408, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb802a8) returned 0x0 [0182.158] WbemDefPath:IUnknown:Release (This=0xc16408) returned 0x0 [0182.158] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb802a8) returned 0x0 [0182.158] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.158] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.159] WbemDefPath:IUnknown:AddRef (This=0xb802a8) returned 0x3 [0182.159] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.159] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.159] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe320d48) returned 0x0 [0182.159] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe320d48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.159] WbemDefPath:IUnknown:Release (This=0xe320d48) returned 0x3 [0182.159] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.159] CoGetContextToken (in: pToken=0x18e258 | out: pToken=0x18e258) returned 0x0 [0182.160] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.160] WbemDefPath:IUnknown:Release (This=0xb802a8) returned 0x2 [0182.160] WbemDefPath:IUnknown:Release (This=0xb802a8) returned 0x1 [0182.160] CoGetContextToken (in: pToken=0x18ebf0 | out: pToken=0x18ebf0) returned 0x0 [0182.160] CoGetContextToken (in: pToken=0x18eb50 | out: pToken=0x18eb50) returned 0x0 [0182.160] WbemDefPath:IUnknown:QueryInterface (in: This=0xb802a8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb802a8) returned 0x0 [0182.160] WbemDefPath:IUnknown:AddRef (This=0xb802a8) returned 0x3 [0182.160] WbemDefPath:IUnknown:Release (This=0xb802a8) returned 0x2 [0182.160] WbemDefPath:IWbemPath:SetText (This=0xb802a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3696\"") returned 0x0 [0182.160] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.160] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.160] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.160] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.160] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.160] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.161] IWbemClassObject:Get (in: This=0xe31c680, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7c8c*=0, plFlavor=0x6bd7c90*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe70, varVal2=0x0), pType=0x6bd7c8c*=19, plFlavor=0x6bd7c90*=0) returned 0x0 [0182.161] IWbemClassObject:Get (in: This=0xe31c680, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7c8c*=19, plFlavor=0x6bd7c90*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe70, varVal2=0x0), pType=0x6bd7c8c*=19, plFlavor=0x6bd7c90*=0) returned 0x0 [0182.161] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.161] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.161] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.161] IWbemClassObject:Get (in: This=0xe31c680, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7dd8*=0, plFlavor=0x6bd7ddc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x6bd7dd8*=8, plFlavor=0x6bd7ddc*=0) returned 0x0 [0182.161] IWbemClassObject:Get (in: This=0xe31c680, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7dd8*=8, plFlavor=0x6bd7ddc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x6bd7dd8*=8, plFlavor=0x6bd7ddc*=0) returned 0x0 [0182.161] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.161] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.162] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.162] IWbemClassObject:Get (in: This=0xe31c680, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7f64*=0, plFlavor=0x6bd7f68*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows NT\\filezilla.exe\" ", varVal2=0x0), pType=0x6bd7f64*=8, plFlavor=0x6bd7f68*=0) returned 0x0 [0182.162] IWbemClassObject:Get (in: This=0xe31c680, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd7f64*=8, plFlavor=0x6bd7f68*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows NT\\filezilla.exe\" ", varVal2=0x0), pType=0x6bd7f64*=8, plFlavor=0x6bd7f68*=0) returned 0x0 [0182.162] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0182.162] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe31bb58, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.163] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31bb58) returned 0x0 [0182.163] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.163] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.163] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.163] IUnknown:AddRef (This=0xe31bb58) returned 0x3 [0182.164] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.164] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.164] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31bb5c) returned 0x0 [0182.164] IMarshal:GetUnmarshalClass (in: This=0xe31bb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.164] IUnknown:Release (This=0xe31bb5c) returned 0x3 [0182.164] CoGetContextToken (in: pToken=0x18dd00 | out: pToken=0x18dd00) returned 0x0 [0182.164] CoGetContextToken (in: pToken=0x18e108 | out: pToken=0x18e108) returned 0x0 [0182.164] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.164] IUnknown:Release (This=0xe31bb58) returned 0x2 [0182.164] CoGetContextToken (in: pToken=0x18e6e0 | out: pToken=0x18e6e0) returned 0x0 [0182.164] CoGetContextToken (in: pToken=0x18e640 | out: pToken=0x18e640) returned 0x0 [0182.164] IUnknown:QueryInterface (in: This=0xe31bb58, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31bb58) returned 0x0 [0182.164] IUnknown:AddRef (This=0xe31bb58) returned 0x4 [0182.164] IUnknown:Release (This=0xe31bb58) returned 0x3 [0182.164] IUnknown:Release (This=0xe31bb58) returned 0x2 [0182.165] CoTaskMemFree (pv=0xc16588) [0182.165] CoGetContextToken (in: pToken=0x18ea50 | out: pToken=0x18ea50) returned 0x0 [0182.165] IUnknown:AddRef (This=0xe31bb58) returned 0x3 [0182.165] IWbemClassObject:Get (in: This=0xe31bb58, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.165] IWbemClassObject:Get (in: This=0xe31bb58, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3708\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.165] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.165] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.165] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.165] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.166] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc164b8) returned 0x0 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.167] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7ff28) returned 0x0 [0182.167] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7ff28) returned 0x0 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.167] WbemDefPath:IUnknown:AddRef (This=0xb7ff28) returned 0x3 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.167] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3210d8) returned 0x0 [0182.168] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3210d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.168] WbemDefPath:IUnknown:Release (This=0xe3210d8) returned 0x3 [0182.168] CoGetContextToken (in: pToken=0x18de50 | out: pToken=0x18de50) returned 0x0 [0182.168] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.168] WbemDefPath:IUnknown:Release (This=0xb7ff28) returned 0x2 [0182.168] WbemDefPath:IUnknown:Release (This=0xb7ff28) returned 0x1 [0182.168] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7ff28, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7ff28) returned 0x0 [0182.168] WbemDefPath:IUnknown:AddRef (This=0xb7ff28) returned 0x3 [0182.168] WbemDefPath:IUnknown:Release (This=0xb7ff28) returned 0x2 [0182.168] WbemDefPath:IWbemPath:SetText (This=0xb7ff28, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3708\"") returned 0x0 [0182.168] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.168] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.168] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.169] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.169] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.169] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.169] IWbemClassObject:Get (in: This=0xe31bb58, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd89e0*=0, plFlavor=0x6bd89e4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe7c, varVal2=0x0), pType=0x6bd89e0*=19, plFlavor=0x6bd89e4*=0) returned 0x0 [0182.169] IWbemClassObject:Get (in: This=0xe31bb58, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd89e0*=19, plFlavor=0x6bd89e4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe7c, varVal2=0x0), pType=0x6bd89e0*=19, plFlavor=0x6bd89e4*=0) returned 0x0 [0182.169] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.169] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.169] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.169] IWbemClassObject:Get (in: This=0xe31bb58, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd8b2c*=0, plFlavor=0x6bd8b30*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x6bd8b2c*=8, plFlavor=0x6bd8b30*=0) returned 0x0 [0182.169] IWbemClassObject:Get (in: This=0xe31bb58, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd8b2c*=8, plFlavor=0x6bd8b30*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x6bd8b2c*=8, plFlavor=0x6bd8b30*=0) returned 0x0 [0182.170] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.170] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.170] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.170] IWbemClassObject:Get (in: This=0xe31bb58, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd8cb8*=0, plFlavor=0x6bd8cbc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Journal\\flashfxp.exe\" ", varVal2=0x0), pType=0x6bd8cb8*=8, plFlavor=0x6bd8cbc*=0) returned 0x0 [0182.170] IWbemClassObject:Get (in: This=0xe31bb58, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd8cb8*=8, plFlavor=0x6bd8cbc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Journal\\flashfxp.exe\" ", varVal2=0x0), pType=0x6bd8cb8*=8, plFlavor=0x6bd8cbc*=0) returned 0x0 [0182.170] CoTaskMemAlloc (cb=0x4) returned 0xc16538 [0182.170] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16538, puReturned=0x6bb7a50 | out: apObjects=0xc16538*=0xe31c818, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.171] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c818) returned 0x0 [0182.171] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.171] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.171] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.172] IUnknown:AddRef (This=0xe31c818) returned 0x3 [0182.172] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.172] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.172] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c81c) returned 0x0 [0182.172] IMarshal:GetUnmarshalClass (in: This=0xe31c81c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.172] IUnknown:Release (This=0xe31c81c) returned 0x3 [0182.172] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.172] IUnknown:Release (This=0xe31c818) returned 0x2 [0182.172] IUnknown:QueryInterface (in: This=0xe31c818, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c818) returned 0x0 [0182.172] IUnknown:AddRef (This=0xe31c818) returned 0x4 [0182.172] IUnknown:Release (This=0xe31c818) returned 0x3 [0182.172] IUnknown:Release (This=0xe31c818) returned 0x2 [0182.172] CoTaskMemFree (pv=0xc16538) [0182.173] IUnknown:AddRef (This=0xe31c818) returned 0x3 [0182.173] IWbemClassObject:Get (in: This=0xe31c818, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.173] IWbemClassObject:Get (in: This=0xe31c818, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3720\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.173] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.173] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.173] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.173] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.174] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0182.174] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.174] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb7fac8) returned 0x0 [0182.175] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0182.175] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb7fac8) returned 0x0 [0182.175] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.175] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.175] WbemDefPath:IUnknown:AddRef (This=0xb7fac8) returned 0x3 [0182.175] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.175] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.175] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe321210) returned 0x0 [0182.176] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe321210, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.176] WbemDefPath:IUnknown:Release (This=0xe321210) returned 0x3 [0182.176] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.176] WbemDefPath:IUnknown:Release (This=0xb7fac8) returned 0x2 [0182.176] WbemDefPath:IUnknown:Release (This=0xb7fac8) returned 0x1 [0182.176] WbemDefPath:IUnknown:QueryInterface (in: This=0xb7fac8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb7fac8) returned 0x0 [0182.176] WbemDefPath:IUnknown:AddRef (This=0xb7fac8) returned 0x3 [0182.176] WbemDefPath:IUnknown:Release (This=0xb7fac8) returned 0x2 [0182.176] WbemDefPath:IWbemPath:SetText (This=0xb7fac8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3720\"") returned 0x0 [0182.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.176] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.176] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.177] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.177] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.177] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.177] IWbemClassObject:Get (in: This=0xe31c818, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd9748*=0, plFlavor=0x6bd974c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe88, varVal2=0x0), pType=0x6bd9748*=19, plFlavor=0x6bd974c*=0) returned 0x0 [0182.177] IWbemClassObject:Get (in: This=0xe31c818, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd9748*=19, plFlavor=0x6bd974c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe88, varVal2=0x0), pType=0x6bd9748*=19, plFlavor=0x6bd974c*=0) returned 0x0 [0182.177] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.177] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.177] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.177] IWbemClassObject:Get (in: This=0xe31c818, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd9894*=0, plFlavor=0x6bd9898*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x6bd9894*=8, plFlavor=0x6bd9898*=0) returned 0x0 [0182.177] IWbemClassObject:Get (in: This=0xe31c818, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd9894*=8, plFlavor=0x6bd9898*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x6bd9894*=8, plFlavor=0x6bd9898*=0) returned 0x0 [0182.178] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.178] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.178] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.178] IWbemClassObject:Get (in: This=0xe31c818, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd9a10*=0, plFlavor=0x6bd9a14*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\fling.exe\" ", varVal2=0x0), pType=0x6bd9a10*=8, plFlavor=0x6bd9a14*=0) returned 0x0 [0182.178] IWbemClassObject:Get (in: This=0xe31c818, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bd9a10*=8, plFlavor=0x6bd9a14*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\fling.exe\" ", varVal2=0x0), pType=0x6bd9a10*=8, plFlavor=0x6bd9a14*=0) returned 0x0 [0182.178] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0182.178] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6bb7a50 | out: apObjects=0xc16408*=0xe31bcf0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.755] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31bcf0) returned 0x0 [0182.755] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.755] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.755] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.756] IUnknown:AddRef (This=0xe31bcf0) returned 0x3 [0182.756] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.756] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.756] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31bcf4) returned 0x0 [0182.756] IMarshal:GetUnmarshalClass (in: This=0xe31bcf4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.756] IUnknown:Release (This=0xe31bcf4) returned 0x3 [0182.756] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.756] IUnknown:Release (This=0xe31bcf0) returned 0x2 [0182.756] IUnknown:QueryInterface (in: This=0xe31bcf0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31bcf0) returned 0x0 [0182.756] IUnknown:AddRef (This=0xe31bcf0) returned 0x4 [0182.757] IUnknown:Release (This=0xe31bcf0) returned 0x3 [0182.757] IUnknown:Release (This=0xe31bcf0) returned 0x2 [0182.757] CoTaskMemFree (pv=0xc16408) [0182.757] IUnknown:AddRef (This=0xe31bcf0) returned 0x3 [0182.757] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.757] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3732\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.757] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.757] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.757] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.757] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.759] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc164b8) returned 0x0 [0182.759] WbemDefPath:IUnknown:QueryInterface (in: This=0xc164b8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.759] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc164b8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80318) returned 0x0 [0182.759] WbemDefPath:IUnknown:Release (This=0xc164b8) returned 0x0 [0182.759] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80318) returned 0x0 [0182.759] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.759] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.760] WbemDefPath:IUnknown:AddRef (This=0xb80318) returned 0x3 [0182.760] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.760] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.760] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32cdc0) returned 0x0 [0182.760] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32cdc0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.760] WbemDefPath:IUnknown:Release (This=0xe32cdc0) returned 0x3 [0182.760] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.760] WbemDefPath:IUnknown:Release (This=0xb80318) returned 0x2 [0182.760] WbemDefPath:IUnknown:Release (This=0xb80318) returned 0x1 [0182.760] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80318, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80318) returned 0x0 [0182.761] WbemDefPath:IUnknown:AddRef (This=0xb80318) returned 0x3 [0182.761] WbemDefPath:IUnknown:Release (This=0xb80318) returned 0x2 [0182.761] WbemDefPath:IWbemPath:SetText (This=0xb80318, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3732\"") returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.761] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bda4f0*=0, plFlavor=0x6bda4f4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe94, varVal2=0x0), pType=0x6bda4f0*=19, plFlavor=0x6bda4f4*=0) returned 0x0 [0182.761] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bda4f0*=19, plFlavor=0x6bda4f4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe94, varVal2=0x0), pType=0x6bda4f0*=19, plFlavor=0x6bda4f4*=0) returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.761] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.762] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.762] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bda63c*=0, plFlavor=0x6bda640*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x6bda63c*=8, plFlavor=0x6bda640*=0) returned 0x0 [0182.762] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bda63c*=8, plFlavor=0x6bda640*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x6bda63c*=8, plFlavor=0x6bda640*=0) returned 0x0 [0182.762] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.762] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.762] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.762] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bda7e0*=0, plFlavor=0x6bda7e4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Defender\\foxmailincmail.exe\" ", varVal2=0x0), pType=0x6bda7e0*=8, plFlavor=0x6bda7e4*=0) returned 0x0 [0182.762] IWbemClassObject:Get (in: This=0xe31bcf0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bda7e0*=8, plFlavor=0x6bda7e4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Defender\\foxmailincmail.exe\" ", varVal2=0x0), pType=0x6bda7e0*=8, plFlavor=0x6bda7e4*=0) returned 0x0 [0182.762] CoTaskMemAlloc (cb=0x4) returned 0xc163e8 [0182.762] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163e8, puReturned=0x6bb7a50 | out: apObjects=0xc163e8*=0xe31be88, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31be88) returned 0x0 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.764] IUnknown:AddRef (This=0xe31be88) returned 0x3 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.764] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31be8c) returned 0x0 [0182.764] IMarshal:GetUnmarshalClass (in: This=0xe31be8c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.765] IUnknown:Release (This=0xe31be8c) returned 0x3 [0182.765] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.765] IUnknown:Release (This=0xe31be88) returned 0x2 [0182.765] IUnknown:QueryInterface (in: This=0xe31be88, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31be88) returned 0x0 [0182.765] IUnknown:AddRef (This=0xe31be88) returned 0x4 [0182.765] IUnknown:Release (This=0xe31be88) returned 0x3 [0182.765] IUnknown:Release (This=0xe31be88) returned 0x2 [0182.765] CoTaskMemFree (pv=0xc163e8) [0182.765] IUnknown:AddRef (This=0xe31be88) returned 0x3 [0182.765] IWbemClassObject:Get (in: This=0xe31be88, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.765] IWbemClassObject:Get (in: This=0xe31be88, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3744\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.766] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.766] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.766] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.766] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.767] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0182.767] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.767] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb803f8) returned 0x0 [0182.767] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0182.768] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb803f8) returned 0x0 [0182.768] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.768] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.768] WbemDefPath:IUnknown:AddRef (This=0xb803f8) returned 0x3 [0182.768] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.768] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.768] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32cda8) returned 0x0 [0182.768] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32cda8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.768] WbemDefPath:IUnknown:Release (This=0xe32cda8) returned 0x3 [0182.769] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.769] WbemDefPath:IUnknown:Release (This=0xb803f8) returned 0x2 [0182.769] WbemDefPath:IUnknown:Release (This=0xb803f8) returned 0x1 [0182.769] WbemDefPath:IUnknown:QueryInterface (in: This=0xb803f8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb803f8) returned 0x0 [0182.769] WbemDefPath:IUnknown:AddRef (This=0xb803f8) returned 0x3 [0182.769] WbemDefPath:IUnknown:Release (This=0xb803f8) returned 0x2 [0182.769] WbemDefPath:IWbemPath:SetText (This=0xb803f8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3744\"") returned 0x0 [0182.769] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.769] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.769] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.769] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.769] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.769] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.770] IWbemClassObject:Get (in: This=0xe31be88, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdb2c8*=0, plFlavor=0x6bdb2cc*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xea0, varVal2=0x0), pType=0x6bdb2c8*=19, plFlavor=0x6bdb2cc*=0) returned 0x0 [0182.770] IWbemClassObject:Get (in: This=0xe31be88, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdb2c8*=19, plFlavor=0x6bdb2cc*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xea0, varVal2=0x0), pType=0x6bdb2c8*=19, plFlavor=0x6bdb2cc*=0) returned 0x0 [0182.770] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.770] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.770] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.770] IWbemClassObject:Get (in: This=0xe31be88, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdb414*=0, plFlavor=0x6bdb418*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x6bdb414*=8, plFlavor=0x6bdb418*=0) returned 0x0 [0182.770] IWbemClassObject:Get (in: This=0xe31be88, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdb414*=8, plFlavor=0x6bdb418*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x6bdb414*=8, plFlavor=0x6bdb418*=0) returned 0x0 [0182.770] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.770] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.816] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.816] IWbemClassObject:Get (in: This=0xe31be88, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdb5c0*=0, plFlavor=0x6bdb5c4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\gmailnotifierpro.exe\" ", varVal2=0x0), pType=0x6bdb5c0*=8, plFlavor=0x6bdb5c4*=0) returned 0x0 [0182.816] IWbemClassObject:Get (in: This=0xe31be88, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdb5c0*=8, plFlavor=0x6bdb5c4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\gmailnotifierpro.exe\" ", varVal2=0x0), pType=0x6bdb5c0*=8, plFlavor=0x6bdb5c4*=0) returned 0x0 [0182.816] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0182.816] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0xe31cce0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.818] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31cce0) returned 0x0 [0182.818] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.818] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.818] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.818] IUnknown:AddRef (This=0xe31cce0) returned 0x3 [0182.818] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.818] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.819] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31cce4) returned 0x0 [0182.819] IMarshal:GetUnmarshalClass (in: This=0xe31cce4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.819] IUnknown:Release (This=0xe31cce4) returned 0x3 [0182.819] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.819] IUnknown:Release (This=0xe31cce0) returned 0x2 [0182.819] IUnknown:QueryInterface (in: This=0xe31cce0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31cce0) returned 0x0 [0182.819] IUnknown:AddRef (This=0xe31cce0) returned 0x4 [0182.819] IUnknown:Release (This=0xe31cce0) returned 0x3 [0182.819] IUnknown:Release (This=0xe31cce0) returned 0x2 [0182.819] CoTaskMemFree (pv=0xc16488) [0182.820] IUnknown:AddRef (This=0xe31cce0) returned 0x3 [0182.820] IWbemClassObject:Get (in: This=0xe31cce0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.820] IWbemClassObject:Get (in: This=0xe31cce0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3760\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.820] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.820] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.820] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.820] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.821] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0182.822] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.822] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80708) returned 0x0 [0182.822] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0182.822] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80708) returned 0x0 [0182.822] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.822] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.823] WbemDefPath:IUnknown:AddRef (This=0xb80708) returned 0x3 [0182.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32d0c0) returned 0x0 [0182.823] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d0c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.823] WbemDefPath:IUnknown:Release (This=0xe32d0c0) returned 0x3 [0182.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.823] WbemDefPath:IUnknown:Release (This=0xb80708) returned 0x2 [0182.823] WbemDefPath:IUnknown:Release (This=0xb80708) returned 0x1 [0182.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80708, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80708) returned 0x0 [0182.824] WbemDefPath:IUnknown:AddRef (This=0xb80708) returned 0x3 [0182.824] WbemDefPath:IUnknown:Release (This=0xb80708) returned 0x2 [0182.824] WbemDefPath:IWbemPath:SetText (This=0xb80708, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3760\"") returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.824] IWbemClassObject:Get (in: This=0xe31cce0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdc04c*=0, plFlavor=0x6bdc050*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xeb0, varVal2=0x0), pType=0x6bdc04c*=19, plFlavor=0x6bdc050*=0) returned 0x0 [0182.824] IWbemClassObject:Get (in: This=0xe31cce0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdc04c*=19, plFlavor=0x6bdc050*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xeb0, varVal2=0x0), pType=0x6bdc04c*=19, plFlavor=0x6bdc050*=0) returned 0x0 [0182.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.825] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.825] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.825] IWbemClassObject:Get (in: This=0xe31cce0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdc198*=0, plFlavor=0x6bdc19c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x6bdc198*=8, plFlavor=0x6bdc19c*=0) returned 0x0 [0182.825] IWbemClassObject:Get (in: This=0xe31cce0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdc198*=8, plFlavor=0x6bdc19c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x6bdc198*=8, plFlavor=0x6bdc19c*=0) returned 0x0 [0182.825] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.825] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.825] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.825] IWbemClassObject:Get (in: This=0xe31cce0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdc30c*=0, plFlavor=0x6bdc310*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Mozilla Firefox\\icq.exe\" ", varVal2=0x0), pType=0x6bdc30c*=8, plFlavor=0x6bdc310*=0) returned 0x0 [0182.825] IWbemClassObject:Get (in: This=0xe31cce0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdc30c*=8, plFlavor=0x6bdc310*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Mozilla Firefox\\icq.exe\" ", varVal2=0x0), pType=0x6bdc30c*=8, plFlavor=0x6bdc310*=0) returned 0x0 [0182.825] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0182.826] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe31c020, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe31c020) returned 0x0 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.827] IUnknown:AddRef (This=0xe31c020) returned 0x3 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.827] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe31c024) returned 0x0 [0182.828] IMarshal:GetUnmarshalClass (in: This=0xe31c024, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.828] IUnknown:Release (This=0xe31c024) returned 0x3 [0182.828] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.828] IUnknown:Release (This=0xe31c020) returned 0x2 [0182.828] IUnknown:QueryInterface (in: This=0xe31c020, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe31c020) returned 0x0 [0182.828] IUnknown:AddRef (This=0xe31c020) returned 0x4 [0182.829] IUnknown:Release (This=0xe31c020) returned 0x3 [0182.829] IUnknown:Release (This=0xe31c020) returned 0x2 [0182.829] CoTaskMemFree (pv=0xc16588) [0182.829] IUnknown:AddRef (This=0xe31c020) returned 0x3 [0182.829] IWbemClassObject:Get (in: This=0xe31c020, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.829] IWbemClassObject:Get (in: This=0xe31c020, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.829] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.829] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.829] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.830] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.831] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0182.831] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.831] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80628) returned 0x0 [0182.831] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0182.831] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80628) returned 0x0 [0182.832] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.832] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.832] WbemDefPath:IUnknown:AddRef (This=0xb80628) returned 0x3 [0182.832] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.832] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.832] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32cf70) returned 0x0 [0182.832] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32cf70, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.832] WbemDefPath:IUnknown:Release (This=0xe32cf70) returned 0x3 [0182.833] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.833] WbemDefPath:IUnknown:Release (This=0xb80628) returned 0x2 [0182.833] WbemDefPath:IUnknown:Release (This=0xb80628) returned 0x1 [0182.833] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80628, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80628) returned 0x0 [0182.833] WbemDefPath:IUnknown:AddRef (This=0xb80628) returned 0x3 [0182.833] WbemDefPath:IUnknown:Release (This=0xb80628) returned 0x2 [0182.834] WbemDefPath:IWbemPath:SetText (This=0xb80628, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x0 [0182.834] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.834] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.834] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.834] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.834] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.834] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.834] IWbemClassObject:Get (in: This=0xe31c020, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdcd94*=0, plFlavor=0x6bdcd98*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xebc, varVal2=0x0), pType=0x6bdcd94*=19, plFlavor=0x6bdcd98*=0) returned 0x0 [0182.834] IWbemClassObject:Get (in: This=0xe31c020, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdcd94*=19, plFlavor=0x6bdcd98*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xebc, varVal2=0x0), pType=0x6bdcd94*=19, plFlavor=0x6bdcd98*=0) returned 0x0 [0182.835] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.835] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.835] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.835] IWbemClassObject:Get (in: This=0xe31c020, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdcee0*=0, plFlavor=0x6bdcee4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x6bdcee0*=8, plFlavor=0x6bdcee4*=0) returned 0x0 [0182.835] IWbemClassObject:Get (in: This=0xe31c020, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdcee0*=8, plFlavor=0x6bdcee4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x6bdcee0*=8, plFlavor=0x6bdcee4*=0) returned 0x0 [0182.835] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.835] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.835] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.835] IWbemClassObject:Get (in: This=0xe31c020, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdd06c*=0, plFlavor=0x6bdd070*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\leechftp.exe\" ", varVal2=0x0), pType=0x6bdd06c*=8, plFlavor=0x6bdd070*=0) returned 0x0 [0182.835] IWbemClassObject:Get (in: This=0xe31c020, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdd06c*=8, plFlavor=0x6bdd070*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\leechftp.exe\" ", varVal2=0x0), pType=0x6bdd06c*=8, plFlavor=0x6bdd070*=0) returned 0x0 [0182.836] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0182.836] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe30a9f8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.837] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a9f8) returned 0x0 [0182.837] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.837] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.837] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.837] IUnknown:AddRef (This=0xe30a9f8) returned 0x3 [0182.837] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.837] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.838] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a9fc) returned 0x0 [0182.838] IMarshal:GetUnmarshalClass (in: This=0xe30a9fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.838] IUnknown:Release (This=0xe30a9fc) returned 0x3 [0182.838] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.838] IUnknown:Release (This=0xe30a9f8) returned 0x2 [0182.838] IUnknown:QueryInterface (in: This=0xe30a9f8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a9f8) returned 0x0 [0182.838] IUnknown:AddRef (This=0xe30a9f8) returned 0x4 [0182.838] IUnknown:Release (This=0xe30a9f8) returned 0x3 [0182.838] IUnknown:Release (This=0xe30a9f8) returned 0x2 [0182.838] CoTaskMemFree (pv=0xc16588) [0182.838] IUnknown:AddRef (This=0xe30a9f8) returned 0x3 [0182.839] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.839] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.839] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.839] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.839] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.839] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.840] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0182.840] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.840] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb805b8) returned 0x0 [0182.841] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0182.841] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb805b8) returned 0x0 [0182.841] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.841] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.841] WbemDefPath:IUnknown:AddRef (This=0xb805b8) returned 0x3 [0182.841] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.841] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.841] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32d330) returned 0x0 [0182.841] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d330, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.841] WbemDefPath:IUnknown:Release (This=0xe32d330) returned 0x3 [0182.842] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.842] WbemDefPath:IUnknown:Release (This=0xb805b8) returned 0x2 [0182.842] WbemDefPath:IUnknown:Release (This=0xb805b8) returned 0x1 [0182.842] WbemDefPath:IUnknown:QueryInterface (in: This=0xb805b8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb805b8) returned 0x0 [0182.842] WbemDefPath:IUnknown:AddRef (This=0xb805b8) returned 0x3 [0182.842] WbemDefPath:IUnknown:Release (This=0xb805b8) returned 0x2 [0182.842] WbemDefPath:IWbemPath:SetText (This=0xb805b8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x0 [0182.842] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.842] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.842] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.843] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.843] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.843] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bddb2c*=0, plFlavor=0x6bddb30*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xec8, varVal2=0x0), pType=0x6bddb2c*=19, plFlavor=0x6bddb30*=0) returned 0x0 [0182.843] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bddb2c*=19, plFlavor=0x6bddb30*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xec8, varVal2=0x0), pType=0x6bddb2c*=19, plFlavor=0x6bddb30*=0) returned 0x0 [0182.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.843] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.843] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.843] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bddc78*=0, plFlavor=0x6bddc7c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x6bddc78*=8, plFlavor=0x6bddc7c*=0) returned 0x0 [0182.843] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bddc78*=8, plFlavor=0x6bddc7c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x6bddc78*=8, plFlavor=0x6bddc7c*=0) returned 0x0 [0182.844] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.844] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.844] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.844] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdddf4*=0, plFlavor=0x6bdddf8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\ncftp.exe\" ", varVal2=0x0), pType=0x6bdddf4*=8, plFlavor=0x6bdddf8*=0) returned 0x0 [0182.844] IWbemClassObject:Get (in: This=0xe30a9f8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdddf4*=8, plFlavor=0x6bdddf8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\ncftp.exe\" ", varVal2=0x0), pType=0x6bdddf4*=8, plFlavor=0x6bdddf8*=0) returned 0x0 [0182.844] CoTaskMemAlloc (cb=0x4) returned 0xc16538 [0182.844] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16538, puReturned=0x6bb7a50 | out: apObjects=0xc16538*=0xe30a200, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.881] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a200) returned 0x0 [0182.881] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.881] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.881] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.882] IUnknown:AddRef (This=0xe30a200) returned 0x3 [0182.882] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.882] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.882] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a204) returned 0x0 [0182.882] IMarshal:GetUnmarshalClass (in: This=0xe30a204, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.882] IUnknown:Release (This=0xe30a204) returned 0x3 [0182.882] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.883] IUnknown:Release (This=0xe30a200) returned 0x2 [0182.883] IUnknown:QueryInterface (in: This=0xe30a200, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a200) returned 0x0 [0182.883] IUnknown:AddRef (This=0xe30a200) returned 0x4 [0182.883] IUnknown:Release (This=0xe30a200) returned 0x3 [0182.883] IUnknown:Release (This=0xe30a200) returned 0x2 [0182.883] CoTaskMemFree (pv=0xc16538) [0182.883] IUnknown:AddRef (This=0xe30a200) returned 0x3 [0182.883] IWbemClassObject:Get (in: This=0xe30a200, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.883] IWbemClassObject:Get (in: This=0xe30a200, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3800\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.884] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.884] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.884] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.884] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.885] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0182.886] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.886] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xb80698) returned 0x0 [0182.886] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0182.886] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xb80698) returned 0x0 [0182.886] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.886] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.887] WbemDefPath:IUnknown:AddRef (This=0xb80698) returned 0x3 [0182.887] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.887] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.887] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32d2b8) returned 0x0 [0182.887] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d2b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.887] WbemDefPath:IUnknown:Release (This=0xe32d2b8) returned 0x3 [0182.887] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.887] WbemDefPath:IUnknown:Release (This=0xb80698) returned 0x2 [0182.888] WbemDefPath:IUnknown:Release (This=0xb80698) returned 0x1 [0182.888] WbemDefPath:IUnknown:QueryInterface (in: This=0xb80698, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xb80698) returned 0x0 [0182.888] WbemDefPath:IUnknown:AddRef (This=0xb80698) returned 0x3 [0182.888] WbemDefPath:IUnknown:Release (This=0xb80698) returned 0x2 [0182.888] WbemDefPath:IWbemPath:SetText (This=0xb80698, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3800\"") returned 0x0 [0182.888] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.888] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.888] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.888] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.888] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.888] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.889] IWbemClassObject:Get (in: This=0xe30a200, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bde874*=0, plFlavor=0x6bde878*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xed8, varVal2=0x0), pType=0x6bde874*=19, plFlavor=0x6bde878*=0) returned 0x0 [0182.889] IWbemClassObject:Get (in: This=0xe30a200, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bde874*=19, plFlavor=0x6bde878*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xed8, varVal2=0x0), pType=0x6bde874*=19, plFlavor=0x6bde878*=0) returned 0x0 [0182.889] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.889] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.889] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.889] IWbemClassObject:Get (in: This=0xe30a200, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bde9c0*=0, plFlavor=0x6bde9c4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x6bde9c0*=8, plFlavor=0x6bde9c4*=0) returned 0x0 [0182.889] IWbemClassObject:Get (in: This=0xe30a200, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bde9c0*=8, plFlavor=0x6bde9c4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x6bde9c0*=8, plFlavor=0x6bde9c4*=0) returned 0x0 [0182.890] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.890] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.890] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.890] IWbemClassObject:Get (in: This=0xe30a200, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdeb44*=0, plFlavor=0x6bdeb48*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows NT\\notepad.exe\" ", varVal2=0x0), pType=0x6bdeb44*=8, plFlavor=0x6bdeb48*=0) returned 0x0 [0182.890] IWbemClassObject:Get (in: This=0xe30a200, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdeb44*=8, plFlavor=0x6bdeb48*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows NT\\notepad.exe\" ", varVal2=0x0), pType=0x6bdeb44*=8, plFlavor=0x6bdeb48*=0) returned 0x0 [0182.890] CoTaskMemAlloc (cb=0x4) returned 0xc16498 [0182.890] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16498, puReturned=0x6bb7a50 | out: apObjects=0xc16498*=0xe30b388, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.891] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b388) returned 0x0 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.892] IUnknown:AddRef (This=0xe30b388) returned 0x3 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b38c) returned 0x0 [0182.892] IMarshal:GetUnmarshalClass (in: This=0xe30b38c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.892] IUnknown:Release (This=0xe30b38c) returned 0x3 [0182.892] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.893] IUnknown:Release (This=0xe30b388) returned 0x2 [0182.893] IUnknown:QueryInterface (in: This=0xe30b388, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b388) returned 0x0 [0182.893] IUnknown:AddRef (This=0xe30b388) returned 0x4 [0182.893] IUnknown:Release (This=0xe30b388) returned 0x3 [0182.893] IUnknown:Release (This=0xe30b388) returned 0x2 [0182.893] CoTaskMemFree (pv=0xc16498) [0182.893] IUnknown:AddRef (This=0xe30b388) returned 0x3 [0182.893] IWbemClassObject:Get (in: This=0xe30b388, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.893] IWbemClassObject:Get (in: This=0xe30b388, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3808\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.894] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.894] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.894] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.894] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.895] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0182.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.895] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324998) returned 0x0 [0182.895] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0182.895] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324998) returned 0x0 [0182.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.896] WbemDefPath:IUnknown:AddRef (This=0xe324998) returned 0x3 [0182.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.896] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32d630) returned 0x0 [0182.896] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d630, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.896] WbemDefPath:IUnknown:Release (This=0xe32d630) returned 0x3 [0182.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.897] WbemDefPath:IUnknown:Release (This=0xe324998) returned 0x2 [0182.897] WbemDefPath:IUnknown:Release (This=0xe324998) returned 0x1 [0182.897] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324998, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324998) returned 0x0 [0182.897] WbemDefPath:IUnknown:AddRef (This=0xe324998) returned 0x3 [0182.897] WbemDefPath:IUnknown:Release (This=0xe324998) returned 0x2 [0182.897] WbemDefPath:IWbemPath:SetText (This=0xe324998, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3808\"") returned 0x0 [0182.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.897] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.897] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.898] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.898] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.898] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.898] IWbemClassObject:Get (in: This=0xe30b388, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdf5b0*=0, plFlavor=0x6bdf5b4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xee0, varVal2=0x0), pType=0x6bdf5b0*=19, plFlavor=0x6bdf5b4*=0) returned 0x0 [0182.898] IWbemClassObject:Get (in: This=0xe30b388, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdf5b0*=19, plFlavor=0x6bdf5b4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xee0, varVal2=0x0), pType=0x6bdf5b0*=19, plFlavor=0x6bdf5b4*=0) returned 0x0 [0182.898] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.898] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.898] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.898] IWbemClassObject:Get (in: This=0xe30b388, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdf6fc*=0, plFlavor=0x6bdf700*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x6bdf6fc*=8, plFlavor=0x6bdf700*=0) returned 0x0 [0182.898] IWbemClassObject:Get (in: This=0xe30b388, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdf6fc*=8, plFlavor=0x6bdf700*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x6bdf6fc*=8, plFlavor=0x6bdf700*=0) returned 0x0 [0182.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.899] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.899] IWbemClassObject:Get (in: This=0xe30b388, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdf888*=0, plFlavor=0x6bdf88c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Defender\\operamail.exe\" ", varVal2=0x0), pType=0x6bdf888*=8, plFlavor=0x6bdf88c*=0) returned 0x0 [0182.899] IWbemClassObject:Get (in: This=0xe30b388, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bdf888*=8, plFlavor=0x6bdf88c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Defender\\operamail.exe\" ", varVal2=0x0), pType=0x6bdf888*=8, plFlavor=0x6bdf88c*=0) returned 0x0 [0182.899] CoTaskMemAlloc (cb=0x4) returned 0xc163e8 [0182.899] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163e8, puReturned=0x6bb7a50 | out: apObjects=0xc163e8*=0xe30ab90, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.900] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30ab90) returned 0x0 [0182.900] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.900] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.900] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.901] IUnknown:AddRef (This=0xe30ab90) returned 0x3 [0182.901] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.901] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.901] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30ab94) returned 0x0 [0182.901] IMarshal:GetUnmarshalClass (in: This=0xe30ab94, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.901] IUnknown:Release (This=0xe30ab94) returned 0x3 [0182.901] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.901] IUnknown:Release (This=0xe30ab90) returned 0x2 [0182.901] IUnknown:QueryInterface (in: This=0xe30ab90, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30ab90) returned 0x0 [0182.902] IUnknown:AddRef (This=0xe30ab90) returned 0x4 [0182.902] IUnknown:Release (This=0xe30ab90) returned 0x3 [0182.902] IUnknown:Release (This=0xe30ab90) returned 0x2 [0182.902] CoTaskMemFree (pv=0xc163e8) [0182.902] IUnknown:AddRef (This=0xe30ab90) returned 0x3 [0182.902] IWbemClassObject:Get (in: This=0xe30ab90, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.902] IWbemClassObject:Get (in: This=0xe30ab90, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3820\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.902] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.902] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.902] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.902] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.903] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16418) returned 0x0 [0182.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.904] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16418, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324a08) returned 0x0 [0182.904] WbemDefPath:IUnknown:Release (This=0xc16418) returned 0x0 [0182.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324a08) returned 0x0 [0182.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.904] WbemDefPath:IUnknown:AddRef (This=0xe324a08) returned 0x3 [0182.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.905] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.905] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32d7e0) returned 0x0 [0182.905] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d7e0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.905] WbemDefPath:IUnknown:Release (This=0xe32d7e0) returned 0x3 [0182.905] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.905] WbemDefPath:IUnknown:Release (This=0xe324a08) returned 0x2 [0182.905] WbemDefPath:IUnknown:Release (This=0xe324a08) returned 0x1 [0182.905] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a08, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324a08) returned 0x0 [0182.905] WbemDefPath:IUnknown:AddRef (This=0xe324a08) returned 0x3 [0182.905] WbemDefPath:IUnknown:Release (This=0xe324a08) returned 0x2 [0182.905] WbemDefPath:IWbemPath:SetText (This=0xe324a08, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3820\"") returned 0x0 [0182.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.905] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.906] IWbemClassObject:Get (in: This=0xe30ab90, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be034c*=0, plFlavor=0x6be0350*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xeec, varVal2=0x0), pType=0x6be034c*=19, plFlavor=0x6be0350*=0) returned 0x0 [0182.906] IWbemClassObject:Get (in: This=0xe30ab90, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be034c*=19, plFlavor=0x6be0350*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xeec, varVal2=0x0), pType=0x6be034c*=19, plFlavor=0x6be0350*=0) returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.906] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.906] IWbemClassObject:Get (in: This=0xe30ab90, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be0498*=0, plFlavor=0x6be049c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x6be0498*=8, plFlavor=0x6be049c*=0) returned 0x0 [0182.906] IWbemClassObject:Get (in: This=0xe30ab90, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be0498*=8, plFlavor=0x6be049c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x6be0498*=8, plFlavor=0x6be049c*=0) returned 0x0 [0182.907] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.907] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.907] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.907] IWbemClassObject:Get (in: This=0xe30ab90, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be061c*=0, plFlavor=0x6be0620*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Sidebar\\outlook.exe\" ", varVal2=0x0), pType=0x6be061c*=8, plFlavor=0x6be0620*=0) returned 0x0 [0182.907] IWbemClassObject:Get (in: This=0xe30ab90, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be061c*=8, plFlavor=0x6be0620*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Sidebar\\outlook.exe\" ", varVal2=0x0), pType=0x6be061c*=8, plFlavor=0x6be0620*=0) returned 0x0 [0182.907] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0182.907] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6bb7a50 | out: apObjects=0xc16468*=0xe30b058, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.908] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b058) returned 0x0 [0182.908] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.908] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.908] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.908] IUnknown:AddRef (This=0xe30b058) returned 0x3 [0182.909] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.909] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.909] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b05c) returned 0x0 [0182.909] IMarshal:GetUnmarshalClass (in: This=0xe30b05c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.909] IUnknown:Release (This=0xe30b05c) returned 0x3 [0182.909] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.909] IUnknown:Release (This=0xe30b058) returned 0x2 [0182.909] IUnknown:QueryInterface (in: This=0xe30b058, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b058) returned 0x0 [0182.909] IUnknown:AddRef (This=0xe30b058) returned 0x4 [0182.909] IUnknown:Release (This=0xe30b058) returned 0x3 [0182.910] IUnknown:Release (This=0xe30b058) returned 0x2 [0182.910] CoTaskMemFree (pv=0xc16468) [0182.910] IUnknown:AddRef (This=0xe30b058) returned 0x3 [0182.910] IWbemClassObject:Get (in: This=0xe30b058, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.910] IWbemClassObject:Get (in: This=0xe30b058, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3828\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.910] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.910] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.910] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.910] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.911] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0182.911] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.911] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324ae8) returned 0x0 [0182.911] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0182.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324ae8) returned 0x0 [0182.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.912] WbemDefPath:IUnknown:AddRef (This=0xe324ae8) returned 0x3 [0182.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.912] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32d888) returned 0x0 [0182.912] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32d888, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.912] WbemDefPath:IUnknown:Release (This=0xe32d888) returned 0x3 [0182.913] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.913] WbemDefPath:IUnknown:Release (This=0xe324ae8) returned 0x2 [0182.913] WbemDefPath:IUnknown:Release (This=0xe324ae8) returned 0x1 [0182.913] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ae8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324ae8) returned 0x0 [0182.913] WbemDefPath:IUnknown:AddRef (This=0xe324ae8) returned 0x3 [0182.913] WbemDefPath:IUnknown:Release (This=0xe324ae8) returned 0x2 [0182.913] WbemDefPath:IWbemPath:SetText (This=0xe324ae8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3828\"") returned 0x0 [0182.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.913] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.913] IWbemClassObject:Get (in: This=0xe30b058, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be10a0*=0, plFlavor=0x6be10a4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xef4, varVal2=0x0), pType=0x6be10a0*=19, plFlavor=0x6be10a4*=0) returned 0x0 [0182.914] IWbemClassObject:Get (in: This=0xe30b058, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be10a0*=19, plFlavor=0x6be10a4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xef4, varVal2=0x0), pType=0x6be10a0*=19, plFlavor=0x6be10a4*=0) returned 0x0 [0182.914] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.914] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.914] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.914] IWbemClassObject:Get (in: This=0xe30b058, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be11ec*=0, plFlavor=0x6be11f0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x6be11ec*=8, plFlavor=0x6be11f0*=0) returned 0x0 [0182.914] IWbemClassObject:Get (in: This=0xe30b058, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be11ec*=8, plFlavor=0x6be11f0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x6be11ec*=8, plFlavor=0x6be11f0*=0) returned 0x0 [0182.914] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.914] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.914] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.914] IWbemClassObject:Get (in: This=0xe30b058, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be1370*=0, plFlavor=0x6be1374*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Mozilla Firefox\\pidgin.exe\" ", varVal2=0x0), pType=0x6be1370*=8, plFlavor=0x6be1374*=0) returned 0x0 [0182.914] IWbemClassObject:Get (in: This=0xe30b058, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be1370*=8, plFlavor=0x6be1374*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Mozilla Firefox\\pidgin.exe\" ", varVal2=0x0), pType=0x6be1370*=8, plFlavor=0x6be1374*=0) returned 0x0 [0182.915] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0182.915] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30ad28, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30ad28) returned 0x0 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.958] IUnknown:AddRef (This=0xe30ad28) returned 0x3 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.958] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30ad2c) returned 0x0 [0182.959] IMarshal:GetUnmarshalClass (in: This=0xe30ad2c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.959] IUnknown:Release (This=0xe30ad2c) returned 0x3 [0182.959] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.959] IUnknown:Release (This=0xe30ad28) returned 0x2 [0182.959] IUnknown:QueryInterface (in: This=0xe30ad28, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30ad28) returned 0x0 [0182.959] IUnknown:AddRef (This=0xe30ad28) returned 0x4 [0182.959] IUnknown:Release (This=0xe30ad28) returned 0x3 [0182.959] IUnknown:Release (This=0xe30ad28) returned 0x2 [0182.959] CoTaskMemFree (pv=0xc16518) [0182.959] IUnknown:AddRef (This=0xe30ad28) returned 0x3 [0182.959] IWbemClassObject:Get (in: This=0xe30ad28, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.960] IWbemClassObject:Get (in: This=0xe30ad28, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3844\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.960] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.960] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.960] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.960] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.961] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0182.961] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16588, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.962] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16588, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe3246f8) returned 0x0 [0182.962] WbemDefPath:IUnknown:Release (This=0xc16588) returned 0x0 [0182.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe3246f8) returned 0x0 [0182.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.962] WbemDefPath:IUnknown:AddRef (This=0xe3246f8) returned 0x3 [0182.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.962] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32dc78) returned 0x0 [0182.962] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32dc78, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.962] WbemDefPath:IUnknown:Release (This=0xe32dc78) returned 0x3 [0182.963] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.963] WbemDefPath:IUnknown:Release (This=0xe3246f8) returned 0x2 [0182.963] WbemDefPath:IUnknown:Release (This=0xe3246f8) returned 0x1 [0182.963] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3246f8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe3246f8) returned 0x0 [0182.963] WbemDefPath:IUnknown:AddRef (This=0xe3246f8) returned 0x3 [0182.963] WbemDefPath:IUnknown:Release (This=0xe3246f8) returned 0x2 [0182.963] WbemDefPath:IWbemPath:SetText (This=0xe3246f8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3844\"") returned 0x0 [0182.963] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.963] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.963] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.963] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.963] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.964] IWbemClassObject:Get (in: This=0xe30ad28, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be1e14*=0, plFlavor=0x6be1e18*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf04, varVal2=0x0), pType=0x6be1e14*=19, plFlavor=0x6be1e18*=0) returned 0x0 [0182.964] IWbemClassObject:Get (in: This=0xe30ad28, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be1e14*=19, plFlavor=0x6be1e18*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf04, varVal2=0x0), pType=0x6be1e14*=19, plFlavor=0x6be1e18*=0) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.964] IWbemClassObject:Get (in: This=0xe30ad28, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be1f60*=0, plFlavor=0x6be1f64*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x6be1f60*=8, plFlavor=0x6be1f64*=0) returned 0x0 [0182.964] IWbemClassObject:Get (in: This=0xe30ad28, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be1f60*=8, plFlavor=0x6be1f64*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x6be1f60*=8, plFlavor=0x6be1f64*=0) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.964] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.965] IWbemClassObject:Get (in: This=0xe30ad28, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be20ec*=0, plFlavor=0x6be20f0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\scriptftp.exe\" ", varVal2=0x0), pType=0x6be20ec*=8, plFlavor=0x6be20f0*=0) returned 0x0 [0182.965] IWbemClassObject:Get (in: This=0xe30ad28, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be20ec*=8, plFlavor=0x6be20f0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\scriptftp.exe\" ", varVal2=0x0), pType=0x6be20ec*=8, plFlavor=0x6be20f0*=0) returned 0x0 [0182.965] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0182.965] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6bb7a50 | out: apObjects=0xc16438*=0xe30a6c8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.966] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a6c8) returned 0x0 [0182.966] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.966] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.966] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.966] IUnknown:AddRef (This=0xe30a6c8) returned 0x3 [0182.966] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.966] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.967] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a6cc) returned 0x0 [0182.967] IMarshal:GetUnmarshalClass (in: This=0xe30a6cc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.967] IUnknown:Release (This=0xe30a6cc) returned 0x3 [0182.967] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.967] IUnknown:Release (This=0xe30a6c8) returned 0x2 [0182.967] IUnknown:QueryInterface (in: This=0xe30a6c8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a6c8) returned 0x0 [0182.967] IUnknown:AddRef (This=0xe30a6c8) returned 0x4 [0182.967] IUnknown:Release (This=0xe30a6c8) returned 0x3 [0182.967] IUnknown:Release (This=0xe30a6c8) returned 0x2 [0182.967] CoTaskMemFree (pv=0xc16438) [0182.967] IUnknown:AddRef (This=0xe30a6c8) returned 0x3 [0182.967] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.968] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.968] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.968] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.968] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.968] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.969] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16478) returned 0x0 [0182.969] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16478, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.969] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16478, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324a78) returned 0x0 [0182.969] WbemDefPath:IUnknown:Release (This=0xc16478) returned 0x0 [0182.969] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324a78) returned 0x0 [0182.970] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.970] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.970] WbemDefPath:IUnknown:AddRef (This=0xe324a78) returned 0x3 [0182.970] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.970] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.970] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32dcc0) returned 0x0 [0182.970] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32dcc0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.970] WbemDefPath:IUnknown:Release (This=0xe32dcc0) returned 0x3 [0182.970] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.971] WbemDefPath:IUnknown:Release (This=0xe324a78) returned 0x2 [0182.971] WbemDefPath:IUnknown:Release (This=0xe324a78) returned 0x1 [0182.971] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324a78, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324a78) returned 0x0 [0182.971] WbemDefPath:IUnknown:AddRef (This=0xe324a78) returned 0x3 [0182.971] WbemDefPath:IUnknown:Release (This=0xe324a78) returned 0x2 [0182.971] WbemDefPath:IWbemPath:SetText (This=0xe324a78, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x0 [0182.971] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.971] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.971] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.971] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.971] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.971] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.972] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be2bb0*=0, plFlavor=0x6be2bb4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf14, varVal2=0x0), pType=0x6be2bb0*=19, plFlavor=0x6be2bb4*=0) returned 0x0 [0182.972] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be2bb0*=19, plFlavor=0x6be2bb4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf14, varVal2=0x0), pType=0x6be2bb0*=19, plFlavor=0x6be2bb4*=0) returned 0x0 [0182.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.972] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.972] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.972] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be2cfc*=0, plFlavor=0x6be2d00*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x6be2cfc*=8, plFlavor=0x6be2d00*=0) returned 0x0 [0182.972] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be2cfc*=8, plFlavor=0x6be2d00*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x6be2cfc*=8, plFlavor=0x6be2d00*=0) returned 0x0 [0182.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.972] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.973] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.973] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be2e78*=0, plFlavor=0x6be2e7c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\skype.exe\" ", varVal2=0x0), pType=0x6be2e78*=8, plFlavor=0x6be2e7c*=0) returned 0x0 [0182.973] IWbemClassObject:Get (in: This=0xe30a6c8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be2e78*=8, plFlavor=0x6be2e7c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\skype.exe\" ", varVal2=0x0), pType=0x6be2e78*=8, plFlavor=0x6be2e7c*=0) returned 0x0 [0182.973] CoTaskMemAlloc (cb=0x4) returned 0xc163e8 [0182.973] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163e8, puReturned=0x6bb7a50 | out: apObjects=0xc163e8*=0xe30aec0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.974] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30aec0) returned 0x0 [0182.974] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.974] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.974] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.975] IUnknown:AddRef (This=0xe30aec0) returned 0x3 [0182.975] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.975] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.975] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30aec4) returned 0x0 [0182.975] IMarshal:GetUnmarshalClass (in: This=0xe30aec4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.975] IUnknown:Release (This=0xe30aec4) returned 0x3 [0182.975] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.976] IUnknown:Release (This=0xe30aec0) returned 0x2 [0182.976] IUnknown:QueryInterface (in: This=0xe30aec0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30aec0) returned 0x0 [0182.976] IUnknown:AddRef (This=0xe30aec0) returned 0x4 [0182.976] IUnknown:Release (This=0xe30aec0) returned 0x3 [0182.976] IUnknown:Release (This=0xe30aec0) returned 0x2 [0182.976] CoTaskMemFree (pv=0xc163e8) [0182.976] IUnknown:AddRef (This=0xe30aec0) returned 0x3 [0182.976] IWbemClassObject:Get (in: This=0xe30aec0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.976] IWbemClassObject:Get (in: This=0xe30aec0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3868\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.976] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.977] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.977] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.977] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.978] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0182.978] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0182.978] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324d88) returned 0x0 [0182.978] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0182.978] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324d88) returned 0x0 [0182.979] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0182.979] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0182.979] WbemDefPath:IUnknown:AddRef (This=0xe324d88) returned 0x3 [0182.979] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0182.979] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0182.979] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32df78) returned 0x0 [0182.979] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32df78, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0182.979] WbemDefPath:IUnknown:Release (This=0xe32df78) returned 0x3 [0182.979] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0182.979] WbemDefPath:IUnknown:Release (This=0xe324d88) returned 0x2 [0182.980] WbemDefPath:IUnknown:Release (This=0xe324d88) returned 0x1 [0182.980] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d88, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324d88) returned 0x0 [0182.980] WbemDefPath:IUnknown:AddRef (This=0xe324d88) returned 0x3 [0182.980] WbemDefPath:IUnknown:Release (This=0xe324d88) returned 0x2 [0182.980] WbemDefPath:IWbemPath:SetText (This=0xe324d88, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3868\"") returned 0x0 [0182.980] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0182.980] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0182.980] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.980] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.980] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.980] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.980] IWbemClassObject:Get (in: This=0xe30aec0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be391c*=0, plFlavor=0x6be3920*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf1c, varVal2=0x0), pType=0x6be391c*=19, plFlavor=0x6be3920*=0) returned 0x0 [0182.980] IWbemClassObject:Get (in: This=0xe30aec0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be391c*=19, plFlavor=0x6be3920*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf1c, varVal2=0x0), pType=0x6be391c*=19, plFlavor=0x6be3920*=0) returned 0x0 [0182.981] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.981] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.981] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.981] IWbemClassObject:Get (in: This=0xe30aec0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be3a68*=0, plFlavor=0x6be3a6c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x6be3a68*=8, plFlavor=0x6be3a6c*=0) returned 0x0 [0182.981] IWbemClassObject:Get (in: This=0xe30aec0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be3a68*=8, plFlavor=0x6be3a6c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x6be3a68*=8, plFlavor=0x6be3a6c*=0) returned 0x0 [0182.981] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0182.981] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0182.981] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.981] IWbemClassObject:Get (in: This=0xe30aec0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be3bf4*=0, plFlavor=0x6be3bf8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Sidebar\\smartftp.exe\" ", varVal2=0x0), pType=0x6be3bf4*=8, plFlavor=0x6be3bf8*=0) returned 0x0 [0182.981] IWbemClassObject:Get (in: This=0xe30aec0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be3bf4*=8, plFlavor=0x6be3bf8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Sidebar\\smartftp.exe\" ", varVal2=0x0), pType=0x6be3bf4*=8, plFlavor=0x6be3bf8*=0) returned 0x0 [0182.982] CoTaskMemAlloc (cb=0x4) returned 0xc16448 [0182.982] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16448, puReturned=0x6bb7a50 | out: apObjects=0xc16448*=0xe30b1f0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0182.983] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b1f0) returned 0x0 [0182.984] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0182.984] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0182.984] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0182.984] IUnknown:AddRef (This=0xe30b1f0) returned 0x3 [0182.984] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0182.984] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0182.984] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b1f4) returned 0x0 [0182.984] IMarshal:GetUnmarshalClass (in: This=0xe30b1f4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0182.984] IUnknown:Release (This=0xe30b1f4) returned 0x3 [0182.985] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0182.985] IUnknown:Release (This=0xe30b1f0) returned 0x2 [0182.985] IUnknown:QueryInterface (in: This=0xe30b1f0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b1f0) returned 0x0 [0182.985] IUnknown:AddRef (This=0xe30b1f0) returned 0x4 [0182.985] IUnknown:Release (This=0xe30b1f0) returned 0x3 [0182.985] IUnknown:Release (This=0xe30b1f0) returned 0x2 [0182.985] CoTaskMemFree (pv=0xc16448) [0182.985] IUnknown:AddRef (This=0xe30b1f0) returned 0x3 [0182.985] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0182.985] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3876\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0182.986] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0182.986] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0182.986] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0182.986] IUnknown:Release (This=0xb71a3c) returned 0x1 [0182.987] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0182.987] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.019] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324df8) returned 0x0 [0183.019] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0183.019] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324df8) returned 0x0 [0183.019] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.020] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.020] WbemDefPath:IUnknown:AddRef (This=0xe324df8) returned 0x3 [0183.020] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.020] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.020] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32e1a0) returned 0x0 [0183.020] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32e1a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.020] WbemDefPath:IUnknown:Release (This=0xe32e1a0) returned 0x3 [0183.020] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.021] WbemDefPath:IUnknown:Release (This=0xe324df8) returned 0x2 [0183.021] WbemDefPath:IUnknown:Release (This=0xe324df8) returned 0x1 [0183.021] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324df8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324df8) returned 0x0 [0183.021] WbemDefPath:IUnknown:AddRef (This=0xe324df8) returned 0x3 [0183.021] WbemDefPath:IUnknown:Release (This=0xe324df8) returned 0x2 [0183.021] WbemDefPath:IWbemPath:SetText (This=0xe324df8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3876\"") returned 0x0 [0183.021] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.021] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.021] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.021] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.021] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.021] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.021] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be4684*=0, plFlavor=0x6be4688*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf24, varVal2=0x0), pType=0x6be4684*=19, plFlavor=0x6be4688*=0) returned 0x0 [0183.022] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be4684*=19, plFlavor=0x6be4688*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf24, varVal2=0x0), pType=0x6be4684*=19, plFlavor=0x6be4688*=0) returned 0x0 [0183.022] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.022] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.022] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.022] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be47d0*=0, plFlavor=0x6be47d4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x6be47d0*=8, plFlavor=0x6be47d4*=0) returned 0x0 [0183.022] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be47d0*=8, plFlavor=0x6be47d4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x6be47d0*=8, plFlavor=0x6be47d4*=0) returned 0x0 [0183.022] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.022] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.022] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.022] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be4964*=0, plFlavor=0x6be4968*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\thunderbird.exe\" ", varVal2=0x0), pType=0x6be4964*=8, plFlavor=0x6be4968*=0) returned 0x0 [0183.022] IWbemClassObject:Get (in: This=0xe30b1f0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be4964*=8, plFlavor=0x6be4968*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\thunderbird.exe\" ", varVal2=0x0), pType=0x6be4964*=8, plFlavor=0x6be4968*=0) returned 0x0 [0183.023] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0183.023] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30b520, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.066] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b520) returned 0x0 [0183.066] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.066] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.066] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.067] IUnknown:AddRef (This=0xe30b520) returned 0x3 [0183.067] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.067] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.067] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b524) returned 0x0 [0183.067] IMarshal:GetUnmarshalClass (in: This=0xe30b524, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.067] IUnknown:Release (This=0xe30b524) returned 0x3 [0183.067] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.067] IUnknown:Release (This=0xe30b520) returned 0x2 [0183.067] IUnknown:QueryInterface (in: This=0xe30b520, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b520) returned 0x0 [0183.068] IUnknown:AddRef (This=0xe30b520) returned 0x4 [0183.068] IUnknown:Release (This=0xe30b520) returned 0x3 [0183.068] IUnknown:Release (This=0xe30b520) returned 0x2 [0183.068] CoTaskMemFree (pv=0xc16518) [0183.068] IUnknown:AddRef (This=0xe30b520) returned 0x3 [0183.068] IWbemClassObject:Get (in: This=0xe30b520, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.068] IWbemClassObject:Get (in: This=0xe30b520, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3900\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.068] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.068] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.068] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.068] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.070] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0183.070] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.070] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe3251e8) returned 0x0 [0183.070] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0183.070] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe3251e8) returned 0x0 [0183.070] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.070] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.071] WbemDefPath:IUnknown:AddRef (This=0xe3251e8) returned 0x3 [0183.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32e2c0) returned 0x0 [0183.071] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32e2c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.071] WbemDefPath:IUnknown:Release (This=0xe32e2c0) returned 0x3 [0183.071] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.071] WbemDefPath:IUnknown:Release (This=0xe3251e8) returned 0x2 [0183.071] WbemDefPath:IUnknown:Release (This=0xe3251e8) returned 0x1 [0183.072] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3251e8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe3251e8) returned 0x0 [0183.072] WbemDefPath:IUnknown:AddRef (This=0xe3251e8) returned 0x3 [0183.072] WbemDefPath:IUnknown:Release (This=0xe3251e8) returned 0x2 [0183.072] WbemDefPath:IWbemPath:SetText (This=0xe3251e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3900\"") returned 0x0 [0183.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.072] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.072] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.072] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.072] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.072] IWbemClassObject:Get (in: This=0xe30b520, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be5438*=0, plFlavor=0x6be543c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf3c, varVal2=0x0), pType=0x6be5438*=19, plFlavor=0x6be543c*=0) returned 0x0 [0183.072] IWbemClassObject:Get (in: This=0xe30b520, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be5438*=19, plFlavor=0x6be543c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf3c, varVal2=0x0), pType=0x6be5438*=19, plFlavor=0x6be543c*=0) returned 0x0 [0183.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.073] IWbemClassObject:Get (in: This=0xe30b520, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be5584*=0, plFlavor=0x6be5588*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x6be5584*=8, plFlavor=0x6be5588*=0) returned 0x0 [0183.073] IWbemClassObject:Get (in: This=0xe30b520, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be5584*=8, plFlavor=0x6be5588*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x6be5584*=8, plFlavor=0x6be5588*=0) returned 0x0 [0183.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.073] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.073] IWbemClassObject:Get (in: This=0xe30b520, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be5710*=0, plFlavor=0x6be5714*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Journal\\trillian.exe\" ", varVal2=0x0), pType=0x6be5710*=8, plFlavor=0x6be5714*=0) returned 0x0 [0183.073] IWbemClassObject:Get (in: This=0xe30b520, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be5710*=8, plFlavor=0x6be5714*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Journal\\trillian.exe\" ", varVal2=0x0), pType=0x6be5710*=8, plFlavor=0x6be5714*=0) returned 0x0 [0183.074] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.074] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe30a398, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.075] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a398) returned 0x0 [0183.075] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.075] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.075] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.075] IUnknown:AddRef (This=0xe30a398) returned 0x3 [0183.075] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.076] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.076] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a39c) returned 0x0 [0183.076] IMarshal:GetUnmarshalClass (in: This=0xe30a39c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.076] IUnknown:Release (This=0xe30a39c) returned 0x3 [0183.076] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.076] IUnknown:Release (This=0xe30a398) returned 0x2 [0183.076] IUnknown:QueryInterface (in: This=0xe30a398, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a398) returned 0x0 [0183.076] IUnknown:AddRef (This=0xe30a398) returned 0x4 [0183.076] IUnknown:Release (This=0xe30a398) returned 0x3 [0183.076] IUnknown:Release (This=0xe30a398) returned 0x2 [0183.076] CoTaskMemFree (pv=0xc16588) [0183.076] IUnknown:AddRef (This=0xe30a398) returned 0x3 [0183.076] IWbemClassObject:Get (in: This=0xe30a398, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.077] IWbemClassObject:Get (in: This=0xe30a398, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3908\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.077] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.077] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.077] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.077] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.078] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0183.078] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.078] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324b58) returned 0x0 [0183.078] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0183.078] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324b58) returned 0x0 [0183.079] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.079] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.079] WbemDefPath:IUnknown:AddRef (This=0xe324b58) returned 0x3 [0183.079] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.079] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.079] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32e4d0) returned 0x0 [0183.079] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32e4d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.079] WbemDefPath:IUnknown:Release (This=0xe32e4d0) returned 0x3 [0183.079] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.080] WbemDefPath:IUnknown:Release (This=0xe324b58) returned 0x2 [0183.080] WbemDefPath:IUnknown:Release (This=0xe324b58) returned 0x1 [0183.080] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324b58, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324b58) returned 0x0 [0183.080] WbemDefPath:IUnknown:AddRef (This=0xe324b58) returned 0x3 [0183.080] WbemDefPath:IUnknown:Release (This=0xe324b58) returned 0x2 [0183.080] WbemDefPath:IWbemPath:SetText (This=0xe324b58, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3908\"") returned 0x0 [0183.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.080] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.080] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.080] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.080] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.080] IWbemClassObject:Get (in: This=0xe30a398, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be61a0*=0, plFlavor=0x6be61a4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf44, varVal2=0x0), pType=0x6be61a0*=19, plFlavor=0x6be61a4*=0) returned 0x0 [0183.080] IWbemClassObject:Get (in: This=0xe30a398, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be61a0*=19, plFlavor=0x6be61a4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf44, varVal2=0x0), pType=0x6be61a0*=19, plFlavor=0x6be61a4*=0) returned 0x0 [0183.081] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.081] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.081] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.081] IWbemClassObject:Get (in: This=0xe30a398, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be62ec*=0, plFlavor=0x6be62f0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x6be62ec*=8, plFlavor=0x6be62f0*=0) returned 0x0 [0183.081] IWbemClassObject:Get (in: This=0xe30a398, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be62ec*=8, plFlavor=0x6be62f0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x6be62ec*=8, plFlavor=0x6be62f0*=0) returned 0x0 [0183.082] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.082] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.082] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.082] IWbemClassObject:Get (in: This=0xe30a398, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be6478*=0, plFlavor=0x6be647c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\webdrive.exe\" ", varVal2=0x0), pType=0x6be6478*=8, plFlavor=0x6be647c*=0) returned 0x0 [0183.082] IWbemClassObject:Get (in: This=0xe30a398, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be6478*=8, plFlavor=0x6be647c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\webdrive.exe\" ", varVal2=0x0), pType=0x6be6478*=8, plFlavor=0x6be647c*=0) returned 0x0 [0183.082] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0183.082] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6bb7a50 | out: apObjects=0xc16438*=0xe30b6b8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.084] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b6b8) returned 0x0 [0183.084] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.084] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.084] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.085] IUnknown:AddRef (This=0xe30b6b8) returned 0x3 [0183.085] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.085] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.085] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b6bc) returned 0x0 [0183.085] IMarshal:GetUnmarshalClass (in: This=0xe30b6bc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.085] IUnknown:Release (This=0xe30b6bc) returned 0x3 [0183.085] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.085] IUnknown:Release (This=0xe30b6b8) returned 0x2 [0183.085] IUnknown:QueryInterface (in: This=0xe30b6b8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b6b8) returned 0x0 [0183.085] IUnknown:AddRef (This=0xe30b6b8) returned 0x4 [0183.085] IUnknown:Release (This=0xe30b6b8) returned 0x3 [0183.086] IUnknown:Release (This=0xe30b6b8) returned 0x2 [0183.086] CoTaskMemFree (pv=0xc16438) [0183.086] IUnknown:AddRef (This=0xe30b6b8) returned 0x3 [0183.086] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.086] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3920\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.086] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.086] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.086] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.086] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.087] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0183.087] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.088] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324e68) returned 0x0 [0183.088] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0183.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324e68) returned 0x0 [0183.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.088] WbemDefPath:IUnknown:AddRef (This=0xe324e68) returned 0x3 [0183.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.088] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32c6e8) returned 0x0 [0183.088] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c6e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.088] WbemDefPath:IUnknown:Release (This=0xe32c6e8) returned 0x3 [0183.089] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.089] WbemDefPath:IUnknown:Release (This=0xe324e68) returned 0x2 [0183.089] WbemDefPath:IUnknown:Release (This=0xe324e68) returned 0x1 [0183.089] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324e68, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324e68) returned 0x0 [0183.089] WbemDefPath:IUnknown:AddRef (This=0xe324e68) returned 0x3 [0183.089] WbemDefPath:IUnknown:Release (This=0xe324e68) returned 0x2 [0183.089] WbemDefPath:IWbemPath:SetText (This=0xe324e68, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3920\"") returned 0x0 [0183.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.089] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.089] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.089] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.089] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.090] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be6f18*=0, plFlavor=0x6be6f1c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf50, varVal2=0x0), pType=0x6be6f18*=19, plFlavor=0x6be6f1c*=0) returned 0x0 [0183.090] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be6f18*=19, plFlavor=0x6be6f1c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf50, varVal2=0x0), pType=0x6be6f18*=19, plFlavor=0x6be6f1c*=0) returned 0x0 [0183.090] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.090] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.090] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.090] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7064*=0, plFlavor=0x6be7068*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x6be7064*=8, plFlavor=0x6be7068*=0) returned 0x0 [0183.090] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7064*=8, plFlavor=0x6be7068*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x6be7064*=8, plFlavor=0x6be7068*=0) returned 0x0 [0183.090] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.090] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.090] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.090] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be71f0*=0, plFlavor=0x6be71f4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender\\whatsapp.exe\" ", varVal2=0x0), pType=0x6be71f0*=8, plFlavor=0x6be71f4*=0) returned 0x0 [0183.091] IWbemClassObject:Get (in: This=0xe30b6b8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be71f0*=8, plFlavor=0x6be71f4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender\\whatsapp.exe\" ", varVal2=0x0), pType=0x6be71f0*=8, plFlavor=0x6be71f4*=0) returned 0x0 [0183.091] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0183.091] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe30b850, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b850) returned 0x0 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.092] IUnknown:AddRef (This=0xe30b850) returned 0x3 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.092] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b854) returned 0x0 [0183.092] IMarshal:GetUnmarshalClass (in: This=0xe30b854, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.093] IUnknown:Release (This=0xe30b854) returned 0x3 [0183.093] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.093] IUnknown:Release (This=0xe30b850) returned 0x2 [0183.093] IUnknown:QueryInterface (in: This=0xe30b850, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b850) returned 0x0 [0183.093] IUnknown:AddRef (This=0xe30b850) returned 0x4 [0183.093] IUnknown:Release (This=0xe30b850) returned 0x3 [0183.093] IUnknown:Release (This=0xe30b850) returned 0x2 [0183.093] CoTaskMemFree (pv=0xc164b8) [0183.093] IUnknown:AddRef (This=0xe30b850) returned 0x3 [0183.093] IWbemClassObject:Get (in: This=0xe30b850, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.093] IWbemClassObject:Get (in: This=0xe30b850, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3928\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.094] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.094] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.094] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.094] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.095] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0183.095] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.095] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324fb8) returned 0x0 [0183.095] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0183.095] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324fb8) returned 0x0 [0183.095] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.096] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.096] WbemDefPath:IUnknown:AddRef (This=0xe324fb8) returned 0x3 [0183.096] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.096] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.096] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32c5e0) returned 0x0 [0183.096] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c5e0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.096] WbemDefPath:IUnknown:Release (This=0xe32c5e0) returned 0x3 [0183.096] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.096] WbemDefPath:IUnknown:Release (This=0xe324fb8) returned 0x2 [0183.097] WbemDefPath:IUnknown:Release (This=0xe324fb8) returned 0x1 [0183.097] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324fb8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324fb8) returned 0x0 [0183.097] WbemDefPath:IUnknown:AddRef (This=0xe324fb8) returned 0x3 [0183.097] WbemDefPath:IUnknown:Release (This=0xe324fb8) returned 0x2 [0183.097] WbemDefPath:IWbemPath:SetText (This=0xe324fb8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3928\"") returned 0x0 [0183.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.097] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.097] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.097] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.097] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.097] IWbemClassObject:Get (in: This=0xe30b850, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7c84*=0, plFlavor=0x6be7c88*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf58, varVal2=0x0), pType=0x6be7c84*=19, plFlavor=0x6be7c88*=0) returned 0x0 [0183.098] IWbemClassObject:Get (in: This=0xe30b850, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7c84*=19, plFlavor=0x6be7c88*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf58, varVal2=0x0), pType=0x6be7c84*=19, plFlavor=0x6be7c88*=0) returned 0x0 [0183.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.098] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.098] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.098] IWbemClassObject:Get (in: This=0xe30b850, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7dd0*=0, plFlavor=0x6be7dd4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x6be7dd0*=8, plFlavor=0x6be7dd4*=0) returned 0x0 [0183.098] IWbemClassObject:Get (in: This=0xe30b850, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7dd0*=8, plFlavor=0x6be7dd4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x6be7dd0*=8, plFlavor=0x6be7dd4*=0) returned 0x0 [0183.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.098] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.099] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.099] IWbemClassObject:Get (in: This=0xe30b850, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7f54*=0, plFlavor=0x6be7f58*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\MSBuild\\winscp.exe\" ", varVal2=0x0), pType=0x6be7f54*=8, plFlavor=0x6be7f58*=0) returned 0x0 [0183.099] IWbemClassObject:Get (in: This=0xe30b850, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be7f54*=8, plFlavor=0x6be7f58*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\MSBuild\\winscp.exe\" ", varVal2=0x0), pType=0x6be7f54*=8, plFlavor=0x6be7f58*=0) returned 0x0 [0183.099] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.099] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe309ed0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.144] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe309ed0) returned 0x0 [0183.144] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.145] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.145] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.145] IUnknown:AddRef (This=0xe309ed0) returned 0x3 [0183.145] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.145] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.145] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe309ed4) returned 0x0 [0183.145] IMarshal:GetUnmarshalClass (in: This=0xe309ed4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.145] IUnknown:Release (This=0xe309ed4) returned 0x3 [0183.145] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.146] IUnknown:Release (This=0xe309ed0) returned 0x2 [0183.146] IUnknown:QueryInterface (in: This=0xe309ed0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe309ed0) returned 0x0 [0183.146] IUnknown:AddRef (This=0xe309ed0) returned 0x4 [0183.146] IUnknown:Release (This=0xe309ed0) returned 0x3 [0183.146] IUnknown:Release (This=0xe309ed0) returned 0x2 [0183.146] CoTaskMemFree (pv=0xc16588) [0183.146] IUnknown:AddRef (This=0xe309ed0) returned 0x3 [0183.146] IWbemClassObject:Get (in: This=0xe309ed0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.146] IWbemClassObject:Get (in: This=0xe309ed0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3948\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.146] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.146] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.146] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.147] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.148] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16498) returned 0x0 [0183.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16498, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.148] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16498, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324458) returned 0x0 [0183.148] WbemDefPath:IUnknown:Release (This=0xc16498) returned 0x0 [0183.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324458) returned 0x0 [0183.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.148] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.149] WbemDefPath:IUnknown:AddRef (This=0xe324458) returned 0x3 [0183.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe32c8b0) returned 0x0 [0183.149] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe32c8b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.149] WbemDefPath:IUnknown:Release (This=0xe32c8b0) returned 0x3 [0183.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.149] WbemDefPath:IUnknown:Release (This=0xe324458) returned 0x2 [0183.149] WbemDefPath:IUnknown:Release (This=0xe324458) returned 0x1 [0183.149] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324458, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324458) returned 0x0 [0183.149] WbemDefPath:IUnknown:AddRef (This=0xe324458) returned 0x3 [0183.150] WbemDefPath:IUnknown:Release (This=0xe324458) returned 0x2 [0183.150] WbemDefPath:IWbemPath:SetText (This=0xe324458, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3948\"") returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.150] IWbemClassObject:Get (in: This=0xe309ed0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be89a4*=0, plFlavor=0x6be89a8*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf6c, varVal2=0x0), pType=0x6be89a4*=19, plFlavor=0x6be89a8*=0) returned 0x0 [0183.150] IWbemClassObject:Get (in: This=0xe309ed0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be89a4*=19, plFlavor=0x6be89a8*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf6c, varVal2=0x0), pType=0x6be89a4*=19, plFlavor=0x6be89a8*=0) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.150] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.150] IWbemClassObject:Get (in: This=0xe309ed0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be8af0*=0, plFlavor=0x6be8af4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x6be8af0*=8, plFlavor=0x6be8af4*=0) returned 0x0 [0183.151] IWbemClassObject:Get (in: This=0xe309ed0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be8af0*=8, plFlavor=0x6be8af4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x6be8af0*=8, plFlavor=0x6be8af4*=0) returned 0x0 [0183.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.151] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.151] IWbemClassObject:Get (in: This=0xe309ed0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be8c94*=0, plFlavor=0x6be8c98*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\yahoomessenger.exe\" ", varVal2=0x0), pType=0x6be8c94*=8, plFlavor=0x6be8c98*=0) returned 0x0 [0183.151] IWbemClassObject:Get (in: This=0xe309ed0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be8c94*=8, plFlavor=0x6be8c98*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Analysis Services\\yahoomessenger.exe\" ", varVal2=0x0), pType=0x6be8c94*=8, plFlavor=0x6be8c98*=0) returned 0x0 [0183.151] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0183.151] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6bb7a50 | out: apObjects=0xc16438*=0xe30a860, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.152] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a860) returned 0x0 [0183.152] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.152] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.152] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.153] IUnknown:AddRef (This=0xe30a860) returned 0x3 [0183.153] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.153] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.153] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a864) returned 0x0 [0183.153] IMarshal:GetUnmarshalClass (in: This=0xe30a864, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.153] IUnknown:Release (This=0xe30a864) returned 0x3 [0183.153] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.153] IUnknown:Release (This=0xe30a860) returned 0x2 [0183.153] IUnknown:QueryInterface (in: This=0xe30a860, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a860) returned 0x0 [0183.154] IUnknown:AddRef (This=0xe30a860) returned 0x4 [0183.154] IUnknown:Release (This=0xe30a860) returned 0x3 [0183.154] IUnknown:Release (This=0xe30a860) returned 0x2 [0183.154] CoTaskMemFree (pv=0xc16438) [0183.154] IUnknown:AddRef (This=0xe30a860) returned 0x3 [0183.154] IWbemClassObject:Get (in: This=0xe30a860, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.154] IWbemClassObject:Get (in: This=0xe30a860, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3960\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.154] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.154] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.154] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.154] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.155] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0183.156] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16588, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.156] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16588, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324538) returned 0x0 [0183.156] WbemDefPath:IUnknown:Release (This=0xc16588) returned 0x0 [0183.156] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324538) returned 0x0 [0183.156] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.156] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.156] WbemDefPath:IUnknown:AddRef (This=0xe324538) returned 0x3 [0183.156] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.157] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.157] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe305c60) returned 0x0 [0183.157] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305c60, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.157] WbemDefPath:IUnknown:Release (This=0xe305c60) returned 0x3 [0183.157] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.157] WbemDefPath:IUnknown:Release (This=0xe324538) returned 0x2 [0183.157] WbemDefPath:IUnknown:Release (This=0xe324538) returned 0x1 [0183.157] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324538, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324538) returned 0x0 [0183.157] WbemDefPath:IUnknown:AddRef (This=0xe324538) returned 0x3 [0183.157] WbemDefPath:IUnknown:Release (This=0xe324538) returned 0x2 [0183.157] WbemDefPath:IWbemPath:SetText (This=0xe324538, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3960\"") returned 0x0 [0183.157] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.157] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.158] IWbemClassObject:Get (in: This=0xe30a860, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be97c0*=0, plFlavor=0x6be97c4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf78, varVal2=0x0), pType=0x6be97c0*=19, plFlavor=0x6be97c4*=0) returned 0x0 [0183.158] IWbemClassObject:Get (in: This=0xe30a860, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be97c0*=19, plFlavor=0x6be97c4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf78, varVal2=0x0), pType=0x6be97c0*=19, plFlavor=0x6be97c4*=0) returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.158] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.158] IWbemClassObject:Get (in: This=0xe30a860, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be990c*=0, plFlavor=0x6be9910*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x6be990c*=8, plFlavor=0x6be9910*=0) returned 0x0 [0183.158] IWbemClassObject:Get (in: This=0xe30a860, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be990c*=8, plFlavor=0x6be9910*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x6be990c*=8, plFlavor=0x6be9910*=0) returned 0x0 [0183.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.159] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.159] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.159] IWbemClassObject:Get (in: This=0xe30a860, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be9aa8*=0, plFlavor=0x6be9aac*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\active-charge.exe\" ", varVal2=0x0), pType=0x6be9aa8*=8, plFlavor=0x6be9aac*=0) returned 0x0 [0183.159] IWbemClassObject:Get (in: This=0xe30a860, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6be9aa8*=8, plFlavor=0x6be9aac*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\active-charge.exe\" ", varVal2=0x0), pType=0x6be9aa8*=8, plFlavor=0x6be9aac*=0) returned 0x0 [0183.159] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.159] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe30b9e8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.160] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30b9e8) returned 0x0 [0183.160] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.160] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.160] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.161] IUnknown:AddRef (This=0xe30b9e8) returned 0x3 [0183.161] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.161] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.161] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30b9ec) returned 0x0 [0183.161] IMarshal:GetUnmarshalClass (in: This=0xe30b9ec, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.161] IUnknown:Release (This=0xe30b9ec) returned 0x3 [0183.162] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.162] IUnknown:Release (This=0xe30b9e8) returned 0x2 [0183.162] IUnknown:QueryInterface (in: This=0xe30b9e8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30b9e8) returned 0x0 [0183.162] IUnknown:AddRef (This=0xe30b9e8) returned 0x4 [0183.162] IUnknown:Release (This=0xe30b9e8) returned 0x3 [0183.162] IUnknown:Release (This=0xe30b9e8) returned 0x2 [0183.162] CoTaskMemFree (pv=0xc16588) [0183.162] IUnknown:AddRef (This=0xe30b9e8) returned 0x3 [0183.162] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.162] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3972\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.162] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.162] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.162] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.163] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.164] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0183.164] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.164] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324618) returned 0x0 [0183.164] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0183.164] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324618) returned 0x0 [0183.164] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.164] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.164] WbemDefPath:IUnknown:AddRef (This=0xe324618) returned 0x3 [0183.165] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.165] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.165] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe305b88) returned 0x0 [0183.165] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305b88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.165] WbemDefPath:IUnknown:Release (This=0xe305b88) returned 0x3 [0183.165] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.165] WbemDefPath:IUnknown:Release (This=0xe324618) returned 0x2 [0183.165] WbemDefPath:IUnknown:Release (This=0xe324618) returned 0x1 [0183.165] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324618, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324618) returned 0x0 [0183.165] WbemDefPath:IUnknown:AddRef (This=0xe324618) returned 0x3 [0183.165] WbemDefPath:IUnknown:Release (This=0xe324618) returned 0x2 [0183.165] WbemDefPath:IWbemPath:SetText (This=0xe324618, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3972\"") returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.166] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea574*=0, plFlavor=0x6bea578*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf84, varVal2=0x0), pType=0x6bea574*=19, plFlavor=0x6bea578*=0) returned 0x0 [0183.166] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea574*=19, plFlavor=0x6bea578*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf84, varVal2=0x0), pType=0x6bea574*=19, plFlavor=0x6bea578*=0) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.166] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.166] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea6c0*=0, plFlavor=0x6bea6c4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x6bea6c0*=8, plFlavor=0x6bea6c4*=0) returned 0x0 [0183.166] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea6c0*=8, plFlavor=0x6bea6c4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x6bea6c0*=8, plFlavor=0x6bea6c4*=0) returned 0x0 [0183.167] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.167] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.167] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.167] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea844*=0, plFlavor=0x6bea848*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\accupos.exe\" ", varVal2=0x0), pType=0x6bea844*=8, plFlavor=0x6bea848*=0) returned 0x0 [0183.167] IWbemClassObject:Get (in: This=0xe30b9e8, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bea844*=8, plFlavor=0x6bea848*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\accupos.exe\" ", varVal2=0x0), pType=0x6bea844*=8, plFlavor=0x6bea848*=0) returned 0x0 [0183.167] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.167] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe30bb80, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.168] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30bb80) returned 0x0 [0183.168] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.168] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.168] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.169] IUnknown:AddRef (This=0xe30bb80) returned 0x3 [0183.169] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.169] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.169] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30bb84) returned 0x0 [0183.169] IMarshal:GetUnmarshalClass (in: This=0xe30bb84, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.169] IUnknown:Release (This=0xe30bb84) returned 0x3 [0183.169] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.169] IUnknown:Release (This=0xe30bb80) returned 0x2 [0183.169] IUnknown:QueryInterface (in: This=0xe30bb80, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30bb80) returned 0x0 [0183.169] IUnknown:AddRef (This=0xe30bb80) returned 0x4 [0183.169] IUnknown:Release (This=0xe30bb80) returned 0x3 [0183.170] IUnknown:Release (This=0xe30bb80) returned 0x2 [0183.170] CoTaskMemFree (pv=0xc16588) [0183.170] IUnknown:AddRef (This=0xe30bb80) returned 0x3 [0183.170] IWbemClassObject:Get (in: This=0xe30bb80, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.170] IWbemClassObject:Get (in: This=0xe30bb80, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.170] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.170] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.170] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.170] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.171] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0183.171] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16588, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.171] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16588, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324688) returned 0x0 [0183.172] WbemDefPath:IUnknown:Release (This=0xc16588) returned 0x0 [0183.172] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324688) returned 0x0 [0183.172] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.172] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.172] WbemDefPath:IUnknown:AddRef (This=0xe324688) returned 0x3 [0183.172] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.172] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.172] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe305e88) returned 0x0 [0183.172] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305e88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.172] WbemDefPath:IUnknown:Release (This=0xe305e88) returned 0x3 [0183.173] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.173] WbemDefPath:IUnknown:Release (This=0xe324688) returned 0x2 [0183.173] WbemDefPath:IUnknown:Release (This=0xe324688) returned 0x1 [0183.173] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324688, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324688) returned 0x0 [0183.173] WbemDefPath:IUnknown:AddRef (This=0xe324688) returned 0x3 [0183.173] WbemDefPath:IUnknown:Release (This=0xe324688) returned 0x2 [0183.173] WbemDefPath:IWbemPath:SetText (This=0xe324688, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x0 [0183.173] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.173] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.173] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.173] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.173] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.173] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.174] IWbemClassObject:Get (in: This=0xe30bb80, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb304*=0, plFlavor=0x6beb308*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf8c, varVal2=0x0), pType=0x6beb304*=19, plFlavor=0x6beb308*=0) returned 0x0 [0183.174] IWbemClassObject:Get (in: This=0xe30bb80, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb304*=19, plFlavor=0x6beb308*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf8c, varVal2=0x0), pType=0x6beb304*=19, plFlavor=0x6beb308*=0) returned 0x0 [0183.174] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.174] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.174] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.174] IWbemClassObject:Get (in: This=0xe30bb80, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb450*=0, plFlavor=0x6beb454*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x6beb450*=8, plFlavor=0x6beb454*=0) returned 0x0 [0183.174] IWbemClassObject:Get (in: This=0xe30bb80, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb450*=8, plFlavor=0x6beb454*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x6beb450*=8, plFlavor=0x6beb454*=0) returned 0x0 [0183.174] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.174] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.174] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.174] IWbemClassObject:Get (in: This=0xe30bb80, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb5cc*=0, plFlavor=0x6beb5d0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft SQL Server\\afr38.exe\" ", varVal2=0x0), pType=0x6beb5cc*=8, plFlavor=0x6beb5d0*=0) returned 0x0 [0183.222] IWbemClassObject:Get (in: This=0xe30bb80, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beb5cc*=8, plFlavor=0x6beb5d0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft SQL Server\\afr38.exe\" ", varVal2=0x0), pType=0x6beb5cc*=8, plFlavor=0x6beb5d0*=0) returned 0x0 [0183.223] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0183.223] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe30bd18, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.224] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30bd18) returned 0x0 [0183.224] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.224] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.224] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.224] IUnknown:AddRef (This=0xe30bd18) returned 0x3 [0183.224] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.224] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.225] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30bd1c) returned 0x0 [0183.225] IMarshal:GetUnmarshalClass (in: This=0xe30bd1c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.225] IUnknown:Release (This=0xe30bd1c) returned 0x3 [0183.225] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.225] IUnknown:Release (This=0xe30bd18) returned 0x2 [0183.225] IUnknown:QueryInterface (in: This=0xe30bd18, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30bd18) returned 0x0 [0183.225] IUnknown:AddRef (This=0xe30bd18) returned 0x4 [0183.225] IUnknown:Release (This=0xe30bd18) returned 0x3 [0183.225] IUnknown:Release (This=0xe30bd18) returned 0x2 [0183.225] CoTaskMemFree (pv=0xc16518) [0183.225] IUnknown:AddRef (This=0xe30bd18) returned 0x3 [0183.226] IWbemClassObject:Get (in: This=0xe30bd18, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.226] IWbemClassObject:Get (in: This=0xe30bd18, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3996\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.226] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.226] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.226] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.226] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.227] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0183.227] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.227] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324848) returned 0x0 [0183.228] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0183.228] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324848) returned 0x0 [0183.228] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.228] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.228] WbemDefPath:IUnknown:AddRef (This=0xe324848) returned 0x3 [0183.228] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.228] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.228] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3051c8) returned 0x0 [0183.228] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3051c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.228] WbemDefPath:IUnknown:Release (This=0xe3051c8) returned 0x3 [0183.229] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.229] WbemDefPath:IUnknown:Release (This=0xe324848) returned 0x2 [0183.229] WbemDefPath:IUnknown:Release (This=0xe324848) returned 0x1 [0183.229] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324848, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324848) returned 0x0 [0183.231] WbemDefPath:IUnknown:AddRef (This=0xe324848) returned 0x3 [0183.231] WbemDefPath:IUnknown:Release (This=0xe324848) returned 0x2 [0183.231] WbemDefPath:IWbemPath:SetText (This=0xe324848, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3996\"") returned 0x0 [0183.231] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.231] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.231] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.232] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.232] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.232] IWbemClassObject:Get (in: This=0xe30bd18, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec088*=0, plFlavor=0x6bec08c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf9c, varVal2=0x0), pType=0x6bec088*=19, plFlavor=0x6bec08c*=0) returned 0x0 [0183.232] IWbemClassObject:Get (in: This=0xe30bd18, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec088*=19, plFlavor=0x6bec08c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf9c, varVal2=0x0), pType=0x6bec088*=19, plFlavor=0x6bec08c*=0) returned 0x0 [0183.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.233] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.233] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.233] IWbemClassObject:Get (in: This=0xe30bd18, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec1d4*=0, plFlavor=0x6bec1d8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x6bec1d4*=8, plFlavor=0x6bec1d8*=0) returned 0x0 [0183.233] IWbemClassObject:Get (in: This=0xe30bd18, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec1d4*=8, plFlavor=0x6bec1d8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x6bec1d4*=8, plFlavor=0x6bec1d8*=0) returned 0x0 [0183.234] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.234] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.234] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.234] IWbemClassObject:Get (in: This=0xe30bd18, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec358*=0, plFlavor=0x6bec35c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\aldelo.exe\" ", varVal2=0x0), pType=0x6bec358*=8, plFlavor=0x6bec35c*=0) returned 0x0 [0183.234] IWbemClassObject:Get (in: This=0xe30bd18, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bec358*=8, plFlavor=0x6bec35c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\aldelo.exe\" ", varVal2=0x0), pType=0x6bec358*=8, plFlavor=0x6bec35c*=0) returned 0x0 [0183.235] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0183.235] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe30a068, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.237] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a068) returned 0x0 [0183.237] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.238] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.238] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.239] IUnknown:AddRef (This=0xe30a068) returned 0x3 [0183.239] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.239] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.239] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a06c) returned 0x0 [0183.240] IMarshal:GetUnmarshalClass (in: This=0xe30a06c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.240] IUnknown:Release (This=0xe30a06c) returned 0x3 [0183.240] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.240] IUnknown:Release (This=0xe30a068) returned 0x2 [0183.241] IUnknown:QueryInterface (in: This=0xe30a068, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a068) returned 0x0 [0183.241] IUnknown:AddRef (This=0xe30a068) returned 0x4 [0183.241] IUnknown:Release (This=0xe30a068) returned 0x3 [0183.241] IUnknown:Release (This=0xe30a068) returned 0x2 [0183.241] CoTaskMemFree (pv=0xc164b8) [0183.241] IUnknown:AddRef (This=0xe30a068) returned 0x3 [0183.241] IWbemClassObject:Get (in: This=0xe30a068, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.242] IWbemClassObject:Get (in: This=0xe30a068, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4004\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.242] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.242] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.242] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.242] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.244] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0183.245] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.245] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324768) returned 0x0 [0183.245] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0183.245] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324768) returned 0x0 [0183.245] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.245] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.246] WbemDefPath:IUnknown:AddRef (This=0xe324768) returned 0x3 [0183.246] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.246] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.246] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3053d8) returned 0x0 [0183.246] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3053d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.246] WbemDefPath:IUnknown:Release (This=0xe3053d8) returned 0x3 [0183.246] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.247] WbemDefPath:IUnknown:Release (This=0xe324768) returned 0x2 [0183.247] WbemDefPath:IUnknown:Release (This=0xe324768) returned 0x1 [0183.247] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324768, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324768) returned 0x0 [0183.247] WbemDefPath:IUnknown:AddRef (This=0xe324768) returned 0x3 [0183.247] WbemDefPath:IUnknown:Release (This=0xe324768) returned 0x2 [0183.247] WbemDefPath:IWbemPath:SetText (This=0xe324768, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4004\"") returned 0x0 [0183.247] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.247] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.247] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.248] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.248] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.248] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.248] IWbemClassObject:Get (in: This=0xe30a068, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6becdf0*=0, plFlavor=0x6becdf4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfa4, varVal2=0x0), pType=0x6becdf0*=19, plFlavor=0x6becdf4*=0) returned 0x0 [0183.248] IWbemClassObject:Get (in: This=0xe30a068, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6becdf0*=19, plFlavor=0x6becdf4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfa4, varVal2=0x0), pType=0x6becdf0*=19, plFlavor=0x6becdf4*=0) returned 0x0 [0183.248] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.248] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.248] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.249] IWbemClassObject:Get (in: This=0xe30a068, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6becf3c*=0, plFlavor=0x6becf40*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x6becf3c*=8, plFlavor=0x6becf40*=0) returned 0x0 [0183.249] IWbemClassObject:Get (in: This=0xe30a068, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6becf3c*=8, plFlavor=0x6becf40*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x6becf3c*=8, plFlavor=0x6becf40*=0) returned 0x0 [0183.249] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.249] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.249] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.249] IWbemClassObject:Get (in: This=0xe30a068, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bed0d0*=0, plFlavor=0x6bed0d4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Portable Devices\\ccv_server.exe\" ", varVal2=0x0), pType=0x6bed0d0*=8, plFlavor=0x6bed0d4*=0) returned 0x0 [0183.249] IWbemClassObject:Get (in: This=0xe30a068, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bed0d0*=8, plFlavor=0x6bed0d4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Portable Devices\\ccv_server.exe\" ", varVal2=0x0), pType=0x6bed0d0*=8, plFlavor=0x6bed0d4*=0) returned 0x0 [0183.250] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0183.250] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe30a530, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe30a530) returned 0x0 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.261] IUnknown:AddRef (This=0xe30a530) returned 0x3 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.261] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe30a534) returned 0x0 [0183.261] IMarshal:GetUnmarshalClass (in: This=0xe30a534, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.262] IUnknown:Release (This=0xe30a534) returned 0x3 [0183.262] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.262] IUnknown:Release (This=0xe30a530) returned 0x2 [0183.262] IUnknown:QueryInterface (in: This=0xe30a530, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe30a530) returned 0x0 [0183.262] IUnknown:AddRef (This=0xe30a530) returned 0x4 [0183.262] IUnknown:Release (This=0xe30a530) returned 0x3 [0183.262] IUnknown:Release (This=0xe30a530) returned 0x2 [0183.262] CoTaskMemFree (pv=0xc164b8) [0183.262] IUnknown:AddRef (This=0xe30a530) returned 0x3 [0183.262] IWbemClassObject:Get (in: This=0xe30a530, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.262] IWbemClassObject:Get (in: This=0xe30a530, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4020\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.263] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.263] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.263] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.263] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.264] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163f8) returned 0x0 [0183.264] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.264] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324d18) returned 0x0 [0183.264] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0183.264] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324d18) returned 0x0 [0183.265] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.265] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.265] WbemDefPath:IUnknown:AddRef (This=0xe324d18) returned 0x3 [0183.265] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.265] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.265] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3054f8) returned 0x0 [0183.265] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3054f8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.265] WbemDefPath:IUnknown:Release (This=0xe3054f8) returned 0x3 [0183.265] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.266] WbemDefPath:IUnknown:Release (This=0xe324d18) returned 0x2 [0183.266] WbemDefPath:IUnknown:Release (This=0xe324d18) returned 0x1 [0183.266] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324d18, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324d18) returned 0x0 [0183.266] WbemDefPath:IUnknown:AddRef (This=0xe324d18) returned 0x3 [0183.266] WbemDefPath:IUnknown:Release (This=0xe324d18) returned 0x2 [0183.266] WbemDefPath:IWbemPath:SetText (This=0xe324d18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4020\"") returned 0x0 [0183.266] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.266] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.266] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.266] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.266] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.266] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.266] IWbemClassObject:Get (in: This=0xe30a530, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bedbc8*=0, plFlavor=0x6bedbcc*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfb4, varVal2=0x0), pType=0x6bedbc8*=19, plFlavor=0x6bedbcc*=0) returned 0x0 [0183.266] IWbemClassObject:Get (in: This=0xe30a530, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bedbc8*=19, plFlavor=0x6bedbcc*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfb4, varVal2=0x0), pType=0x6bedbc8*=19, plFlavor=0x6bedbcc*=0) returned 0x0 [0183.267] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.267] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.267] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.267] IWbemClassObject:Get (in: This=0xe30a530, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bedd14*=0, plFlavor=0x6bedd18*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x6bedd14*=8, plFlavor=0x6bedd18*=0) returned 0x0 [0183.267] IWbemClassObject:Get (in: This=0xe30a530, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bedd14*=8, plFlavor=0x6bedd18*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x6bedd14*=8, plFlavor=0x6bedd18*=0) returned 0x0 [0183.267] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.267] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.267] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.267] IWbemClassObject:Get (in: This=0xe30a530, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bedec0*=0, plFlavor=0x6bedec4*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows NT\\centralcreditcard.exe\" ", varVal2=0x0), pType=0x6bedec0*=8, plFlavor=0x6bedec4*=0) returned 0x0 [0183.267] IWbemClassObject:Get (in: This=0xe30a530, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bedec0*=8, plFlavor=0x6bedec4*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows NT\\centralcreditcard.exe\" ", varVal2=0x0), pType=0x6bedec0*=8, plFlavor=0x6bedec4*=0) returned 0x0 [0183.267] CoTaskMemAlloc (cb=0x4) returned 0xc16468 [0183.268] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16468, puReturned=0x6bb7a50 | out: apObjects=0xc16468*=0xe334360, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe334360) returned 0x0 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.317] IUnknown:AddRef (This=0xe334360) returned 0x3 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.317] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe334364) returned 0x0 [0183.318] IMarshal:GetUnmarshalClass (in: This=0xe334364, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.318] IUnknown:Release (This=0xe334364) returned 0x3 [0183.318] IUnknown:QueryInterface (in: This=0xe334360, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.318] IUnknown:Release (This=0xe334360) returned 0x2 [0183.318] IUnknown:QueryInterface (in: This=0xe334360, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe334360) returned 0x0 [0183.318] IUnknown:AddRef (This=0xe334360) returned 0x4 [0183.318] IUnknown:Release (This=0xe334360) returned 0x3 [0183.318] IUnknown:Release (This=0xe334360) returned 0x2 [0183.318] CoTaskMemFree (pv=0xc16468) [0183.318] IUnknown:AddRef (This=0xe334360) returned 0x3 [0183.318] IWbemClassObject:Get (in: This=0xe334360, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.318] IWbemClassObject:Get (in: This=0xe334360, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4028\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.319] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.319] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.319] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.319] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.320] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0183.320] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.320] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe3247d8) returned 0x0 [0183.320] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0183.320] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe3247d8) returned 0x0 [0183.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.321] WbemDefPath:IUnknown:AddRef (This=0xe3247d8) returned 0x3 [0183.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe305720) returned 0x0 [0183.321] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305720, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.321] WbemDefPath:IUnknown:Release (This=0xe305720) returned 0x3 [0183.321] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.321] WbemDefPath:IUnknown:Release (This=0xe3247d8) returned 0x2 [0183.322] WbemDefPath:IUnknown:Release (This=0xe3247d8) returned 0x1 [0183.322] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3247d8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe3247d8) returned 0x0 [0183.322] WbemDefPath:IUnknown:AddRef (This=0xe3247d8) returned 0x3 [0183.322] WbemDefPath:IUnknown:Release (This=0xe3247d8) returned 0x2 [0183.322] WbemDefPath:IWbemPath:SetText (This=0xe3247d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4028\"") returned 0x0 [0183.322] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.322] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.322] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.322] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.322] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.322] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.322] IWbemClassObject:Get (in: This=0xe334360, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bee97c*=0, plFlavor=0x6bee980*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfbc, varVal2=0x0), pType=0x6bee97c*=19, plFlavor=0x6bee980*=0) returned 0x0 [0183.322] IWbemClassObject:Get (in: This=0xe334360, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bee97c*=19, plFlavor=0x6bee980*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfbc, varVal2=0x0), pType=0x6bee97c*=19, plFlavor=0x6bee980*=0) returned 0x0 [0183.323] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.323] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.323] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.323] IWbemClassObject:Get (in: This=0xe334360, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beeac8*=0, plFlavor=0x6beeacc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x6beeac8*=8, plFlavor=0x6beeacc*=0) returned 0x0 [0183.323] IWbemClassObject:Get (in: This=0xe334360, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beeac8*=8, plFlavor=0x6beeacc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x6beeac8*=8, plFlavor=0x6beeacc*=0) returned 0x0 [0183.323] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.323] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.323] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.323] IWbemClassObject:Get (in: This=0xe334360, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beec64*=0, plFlavor=0x6beec68*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Multimedia Platform\\creditservice.exe\" ", varVal2=0x0), pType=0x6beec64*=8, plFlavor=0x6beec68*=0) returned 0x0 [0183.323] IWbemClassObject:Get (in: This=0xe334360, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6beec64*=8, plFlavor=0x6beec68*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Multimedia Platform\\creditservice.exe\" ", varVal2=0x0), pType=0x6beec64*=8, plFlavor=0x6beec68*=0) returned 0x0 [0183.323] CoTaskMemAlloc (cb=0x4) returned 0xc16478 [0183.324] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16478, puReturned=0x6bb7a50 | out: apObjects=0xc16478*=0xe333e98, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe333e98) returned 0x0 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.325] IUnknown:AddRef (This=0xe333e98) returned 0x3 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.325] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe333e9c) returned 0x0 [0183.325] IMarshal:GetUnmarshalClass (in: This=0xe333e9c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.325] IUnknown:Release (This=0xe333e9c) returned 0x3 [0183.326] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.326] IUnknown:Release (This=0xe333e98) returned 0x2 [0183.326] IUnknown:QueryInterface (in: This=0xe333e98, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe333e98) returned 0x0 [0183.326] IUnknown:AddRef (This=0xe333e98) returned 0x4 [0183.326] IUnknown:Release (This=0xe333e98) returned 0x3 [0183.326] IUnknown:Release (This=0xe333e98) returned 0x2 [0183.326] CoTaskMemFree (pv=0xc16478) [0183.326] IUnknown:AddRef (This=0xe333e98) returned 0x3 [0183.326] IWbemClassObject:Get (in: This=0xe333e98, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.326] IWbemClassObject:Get (in: This=0xe333e98, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4048\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.326] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.326] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.327] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.327] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.328] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0183.328] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.328] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe3245a8) returned 0x0 [0183.328] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0183.328] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe3245a8) returned 0x0 [0183.328] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.328] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.328] WbemDefPath:IUnknown:AddRef (This=0xe3245a8) returned 0x3 [0183.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe305600) returned 0x0 [0183.329] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305600, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.329] WbemDefPath:IUnknown:Release (This=0xe305600) returned 0x3 [0183.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.329] WbemDefPath:IUnknown:Release (This=0xe3245a8) returned 0x2 [0183.329] WbemDefPath:IUnknown:Release (This=0xe3245a8) returned 0x1 [0183.329] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3245a8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe3245a8) returned 0x0 [0183.329] WbemDefPath:IUnknown:AddRef (This=0xe3245a8) returned 0x3 [0183.329] WbemDefPath:IUnknown:Release (This=0xe3245a8) returned 0x2 [0183.329] WbemDefPath:IWbemPath:SetText (This=0xe3245a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4048\"") returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.330] IWbemClassObject:Get (in: This=0xe333e98, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bef96c*=0, plFlavor=0x6bef970*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfd0, varVal2=0x0), pType=0x6bef96c*=19, plFlavor=0x6bef970*=0) returned 0x0 [0183.330] IWbemClassObject:Get (in: This=0xe333e98, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bef96c*=19, plFlavor=0x6bef970*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfd0, varVal2=0x0), pType=0x6bef96c*=19, plFlavor=0x6bef970*=0) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.330] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.330] IWbemClassObject:Get (in: This=0xe333e98, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6befab8*=0, plFlavor=0x6befabc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x6befab8*=8, plFlavor=0x6befabc*=0) returned 0x0 [0183.330] IWbemClassObject:Get (in: This=0xe333e98, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6befab8*=8, plFlavor=0x6befabc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x6befab8*=8, plFlavor=0x6befabc*=0) returned 0x0 [0183.331] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.331] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.331] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.331] IWbemClassObject:Get (in: This=0xe333e98, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6befc3c*=0, plFlavor=0x6befc40*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\edcsvr.exe\" ", varVal2=0x0), pType=0x6befc3c*=8, plFlavor=0x6befc40*=0) returned 0x0 [0183.331] IWbemClassObject:Get (in: This=0xe333e98, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6befc3c*=8, plFlavor=0x6befc40*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\edcsvr.exe\" ", varVal2=0x0), pType=0x6befc3c*=8, plFlavor=0x6befc40*=0) returned 0x0 [0183.331] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0183.332] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe3336a0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.332] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe3336a0) returned 0x0 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.333] IUnknown:AddRef (This=0xe3336a0) returned 0x3 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe3336a4) returned 0x0 [0183.333] IMarshal:GetUnmarshalClass (in: This=0xe3336a4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.333] IUnknown:Release (This=0xe3336a4) returned 0x3 [0183.333] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.334] IUnknown:Release (This=0xe3336a0) returned 0x2 [0183.334] IUnknown:QueryInterface (in: This=0xe3336a0, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe3336a0) returned 0x0 [0183.334] IUnknown:AddRef (This=0xe3336a0) returned 0x4 [0183.334] IUnknown:Release (This=0xe3336a0) returned 0x3 [0183.334] IUnknown:Release (This=0xe3336a0) returned 0x2 [0183.334] CoTaskMemFree (pv=0xc164b8) [0183.334] IUnknown:AddRef (This=0xe3336a0) returned 0x3 [0183.334] IWbemClassObject:Get (in: This=0xe3336a0, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.334] IWbemClassObject:Get (in: This=0xe3336a0, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4056\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.334] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.334] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.334] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.334] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.335] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.336] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16448, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe325108) returned 0x0 [0183.336] WbemDefPath:IUnknown:Release (This=0xc16448) returned 0x0 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe325108) returned 0x0 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.336] WbemDefPath:IUnknown:AddRef (This=0xe325108) returned 0x3 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.336] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe305840) returned 0x0 [0183.337] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe305840, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.337] WbemDefPath:IUnknown:Release (This=0xe305840) returned 0x3 [0183.337] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.337] WbemDefPath:IUnknown:Release (This=0xe325108) returned 0x2 [0183.337] WbemDefPath:IUnknown:Release (This=0xe325108) returned 0x1 [0183.337] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325108, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe325108) returned 0x0 [0183.337] WbemDefPath:IUnknown:AddRef (This=0xe325108) returned 0x3 [0183.337] WbemDefPath:IUnknown:Release (This=0xe325108) returned 0x2 [0183.337] WbemDefPath:IWbemPath:SetText (This=0xe325108, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4056\"") returned 0x0 [0183.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.337] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.337] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.338] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.338] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.338] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.338] IWbemClassObject:Get (in: This=0xe3336a0, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf0678*=0, plFlavor=0x6bf067c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfd8, varVal2=0x0), pType=0x6bf0678*=19, plFlavor=0x6bf067c*=0) returned 0x0 [0183.338] IWbemClassObject:Get (in: This=0xe3336a0, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf0678*=19, plFlavor=0x6bf067c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfd8, varVal2=0x0), pType=0x6bf0678*=19, plFlavor=0x6bf067c*=0) returned 0x0 [0183.338] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.338] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.338] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.338] IWbemClassObject:Get (in: This=0xe3336a0, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf07c4*=0, plFlavor=0x6bf07c8*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x6bf07c4*=8, plFlavor=0x6bf07c8*=0) returned 0x0 [0183.338] IWbemClassObject:Get (in: This=0xe3336a0, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf07c4*=8, plFlavor=0x6bf07c8*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x6bf07c4*=8, plFlavor=0x6bf07c8*=0) returned 0x0 [0183.339] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.339] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.339] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.339] IWbemClassObject:Get (in: This=0xe3336a0, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf0940*=0, plFlavor=0x6bf0944*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\fpos.exe\" ", varVal2=0x0), pType=0x6bf0940*=8, plFlavor=0x6bf0944*=0) returned 0x0 [0183.339] IWbemClassObject:Get (in: This=0xe3336a0, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf0940*=8, plFlavor=0x6bf0944*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\fpos.exe\" ", varVal2=0x0), pType=0x6bf0940*=8, plFlavor=0x6bf0944*=0) returned 0x0 [0183.339] CoTaskMemAlloc (cb=0x4) returned 0xc164b8 [0183.339] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc164b8, puReturned=0x6bb7a50 | out: apObjects=0xc164b8*=0xe333b68, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.378] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe333b68) returned 0x0 [0183.379] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.379] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.379] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.379] IUnknown:AddRef (This=0xe333b68) returned 0x3 [0183.379] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.379] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.379] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe333b6c) returned 0x0 [0183.379] IMarshal:GetUnmarshalClass (in: This=0xe333b6c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.379] IUnknown:Release (This=0xe333b6c) returned 0x3 [0183.380] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.380] IUnknown:Release (This=0xe333b68) returned 0x2 [0183.380] IUnknown:QueryInterface (in: This=0xe333b68, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe333b68) returned 0x0 [0183.380] IUnknown:AddRef (This=0xe333b68) returned 0x4 [0183.380] IUnknown:Release (This=0xe333b68) returned 0x3 [0183.380] IUnknown:Release (This=0xe333b68) returned 0x2 [0183.380] CoTaskMemFree (pv=0xc164b8) [0183.380] IUnknown:AddRef (This=0xe333b68) returned 0x3 [0183.380] IWbemClassObject:Get (in: This=0xe333b68, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.380] IWbemClassObject:Get (in: This=0xe333b68, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4072\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.380] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.381] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.381] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.381] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.382] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0183.382] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.382] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16518, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324ed8) returned 0x0 [0183.382] WbemDefPath:IUnknown:Release (This=0xc16518) returned 0x0 [0183.382] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324ed8) returned 0x0 [0183.382] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.383] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.383] WbemDefPath:IUnknown:AddRef (This=0xe324ed8) returned 0x3 [0183.383] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.383] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.383] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3094b0) returned 0x0 [0183.383] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3094b0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.383] WbemDefPath:IUnknown:Release (This=0xe3094b0) returned 0x3 [0183.383] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.383] WbemDefPath:IUnknown:Release (This=0xe324ed8) returned 0x2 [0183.384] WbemDefPath:IUnknown:Release (This=0xe324ed8) returned 0x1 [0183.384] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ed8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324ed8) returned 0x0 [0183.384] WbemDefPath:IUnknown:AddRef (This=0xe324ed8) returned 0x3 [0183.384] WbemDefPath:IUnknown:Release (This=0xe324ed8) returned 0x2 [0183.384] WbemDefPath:IWbemPath:SetText (This=0xe324ed8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4072\"") returned 0x0 [0183.384] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.384] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.384] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.384] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.384] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.384] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.384] IWbemClassObject:Get (in: This=0xe333b68, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf13cc*=0, plFlavor=0x6bf13d0*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfe8, varVal2=0x0), pType=0x6bf13cc*=19, plFlavor=0x6bf13d0*=0) returned 0x0 [0183.384] IWbemClassObject:Get (in: This=0xe333b68, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf13cc*=19, plFlavor=0x6bf13d0*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfe8, varVal2=0x0), pType=0x6bf13cc*=19, plFlavor=0x6bf13d0*=0) returned 0x0 [0183.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.385] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.385] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.385] IWbemClassObject:Get (in: This=0xe333b68, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf1518*=0, plFlavor=0x6bf151c*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x6bf1518*=8, plFlavor=0x6bf151c*=0) returned 0x0 [0183.385] IWbemClassObject:Get (in: This=0xe333b68, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf1518*=8, plFlavor=0x6bf151c*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x6bf1518*=8, plFlavor=0x6bf151c*=0) returned 0x0 [0183.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.385] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.385] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.385] IWbemClassObject:Get (in: This=0xe333b68, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf169c*=0, plFlavor=0x6bf16a0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Photo Viewer\\isspos.exe\" ", varVal2=0x0), pType=0x6bf169c*=8, plFlavor=0x6bf16a0*=0) returned 0x0 [0183.385] IWbemClassObject:Get (in: This=0xe333b68, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf169c*=8, plFlavor=0x6bf16a0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Photo Viewer\\isspos.exe\" ", varVal2=0x0), pType=0x6bf169c*=8, plFlavor=0x6bf16a0*=0) returned 0x0 [0183.386] CoTaskMemAlloc (cb=0x4) returned 0xc16398 [0183.386] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16398, puReturned=0x6bb7a50 | out: apObjects=0xc16398*=0xe334b58, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe334b58) returned 0x0 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.387] IUnknown:AddRef (This=0xe334b58) returned 0x3 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.387] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe334b5c) returned 0x0 [0183.387] IMarshal:GetUnmarshalClass (in: This=0xe334b5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.388] IUnknown:Release (This=0xe334b5c) returned 0x3 [0183.388] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.388] IUnknown:Release (This=0xe334b58) returned 0x2 [0183.388] IUnknown:QueryInterface (in: This=0xe334b58, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe334b58) returned 0x0 [0183.388] IUnknown:AddRef (This=0xe334b58) returned 0x4 [0183.388] IUnknown:Release (This=0xe334b58) returned 0x3 [0183.388] IUnknown:Release (This=0xe334b58) returned 0x2 [0183.388] CoTaskMemFree (pv=0xc16398) [0183.388] IUnknown:AddRef (This=0xe334b58) returned 0x3 [0183.388] IWbemClassObject:Get (in: This=0xe334b58, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.388] IWbemClassObject:Get (in: This=0xe334b58, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4080\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.389] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.389] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.389] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.389] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.390] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0183.390] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16588, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.390] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16588, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324bc8) returned 0x0 [0183.390] WbemDefPath:IUnknown:Release (This=0xc16588) returned 0x0 [0183.390] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324bc8) returned 0x0 [0183.390] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.390] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.391] WbemDefPath:IUnknown:AddRef (This=0xe324bc8) returned 0x3 [0183.391] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.391] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.391] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3093c0) returned 0x0 [0183.391] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3093c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.391] WbemDefPath:IUnknown:Release (This=0xe3093c0) returned 0x3 [0183.391] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.391] WbemDefPath:IUnknown:Release (This=0xe324bc8) returned 0x2 [0183.391] WbemDefPath:IUnknown:Release (This=0xe324bc8) returned 0x1 [0183.392] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324bc8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324bc8) returned 0x0 [0183.392] WbemDefPath:IUnknown:AddRef (This=0xe324bc8) returned 0x3 [0183.392] WbemDefPath:IUnknown:Release (This=0xe324bc8) returned 0x2 [0183.392] WbemDefPath:IWbemPath:SetText (This=0xe324bc8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4080\"") returned 0x0 [0183.392] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.392] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.392] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.392] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.392] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.392] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.392] IWbemClassObject:Get (in: This=0xe334b58, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf215c*=0, plFlavor=0x6bf2160*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff0, varVal2=0x0), pType=0x6bf215c*=19, plFlavor=0x6bf2160*=0) returned 0x0 [0183.392] IWbemClassObject:Get (in: This=0xe334b58, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf215c*=19, plFlavor=0x6bf2160*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff0, varVal2=0x0), pType=0x6bf215c*=19, plFlavor=0x6bf2160*=0) returned 0x0 [0183.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.393] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.393] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.393] IWbemClassObject:Get (in: This=0xe334b58, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf22a8*=0, plFlavor=0x6bf22ac*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x6bf22a8*=8, plFlavor=0x6bf22ac*=0) returned 0x0 [0183.393] IWbemClassObject:Get (in: This=0xe334b58, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf22a8*=8, plFlavor=0x6bf22ac*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x6bf22a8*=8, plFlavor=0x6bf22ac*=0) returned 0x0 [0183.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.393] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.393] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.393] IWbemClassObject:Get (in: This=0xe334b58, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf2444*=0, plFlavor=0x6bf2448*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\" ", varVal2=0x0), pType=0x6bf2444*=8, plFlavor=0x6bf2448*=0) returned 0x0 [0183.393] IWbemClassObject:Get (in: This=0xe334b58, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf2444*=8, plFlavor=0x6bf2448*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\" ", varVal2=0x0), pType=0x6bf2444*=8, plFlavor=0x6bf2448*=0) returned 0x0 [0183.394] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0183.394] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe335020, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.395] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe335020) returned 0x0 [0183.395] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.395] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.395] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.396] IUnknown:AddRef (This=0xe335020) returned 0x3 [0183.396] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.396] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.396] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe335024) returned 0x0 [0183.396] IMarshal:GetUnmarshalClass (in: This=0xe335024, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.396] IUnknown:Release (This=0xe335024) returned 0x3 [0183.396] IUnknown:QueryInterface (in: This=0xe335020, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.396] IUnknown:Release (This=0xe335020) returned 0x2 [0183.396] IUnknown:QueryInterface (in: This=0xe335020, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe335020) returned 0x0 [0183.396] IUnknown:AddRef (This=0xe335020) returned 0x4 [0183.396] IUnknown:Release (This=0xe335020) returned 0x3 [0183.397] IUnknown:Release (This=0xe335020) returned 0x2 [0183.397] CoTaskMemFree (pv=0xc16518) [0183.397] IUnknown:AddRef (This=0xe335020) returned 0x3 [0183.397] IWbemClassObject:Get (in: This=0xe335020, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.397] IWbemClassObject:Get (in: This=0xe335020, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4092\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.397] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.397] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.397] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.397] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.398] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16438) returned 0x0 [0183.398] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.398] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe325028) returned 0x0 [0183.399] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0183.399] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe325028) returned 0x0 [0183.399] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.399] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.399] WbemDefPath:IUnknown:AddRef (This=0xe325028) returned 0x3 [0183.399] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.399] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.399] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe309810) returned 0x0 [0183.399] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe309810, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.399] WbemDefPath:IUnknown:Release (This=0xe309810) returned 0x3 [0183.400] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.400] WbemDefPath:IUnknown:Release (This=0xe325028) returned 0x2 [0183.400] WbemDefPath:IUnknown:Release (This=0xe325028) returned 0x1 [0183.400] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325028, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe325028) returned 0x0 [0183.400] WbemDefPath:IUnknown:AddRef (This=0xe325028) returned 0x3 [0183.400] WbemDefPath:IUnknown:Release (This=0xe325028) returned 0x2 [0183.400] WbemDefPath:IWbemPath:SetText (This=0xe325028, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4092\"") returned 0x0 [0183.400] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.400] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.400] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.400] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.400] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.401] IWbemClassObject:Get (in: This=0xe335020, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf2f28*=0, plFlavor=0x6bf2f2c*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffc, varVal2=0x0), pType=0x6bf2f28*=19, plFlavor=0x6bf2f2c*=0) returned 0x0 [0183.401] IWbemClassObject:Get (in: This=0xe335020, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf2f28*=19, plFlavor=0x6bf2f2c*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffc, varVal2=0x0), pType=0x6bf2f28*=19, plFlavor=0x6bf2f2c*=0) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.401] IWbemClassObject:Get (in: This=0xe335020, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3074*=0, plFlavor=0x6bf3078*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x6bf3074*=8, plFlavor=0x6bf3078*=0) returned 0x0 [0183.401] IWbemClassObject:Get (in: This=0xe335020, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3074*=8, plFlavor=0x6bf3078*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x6bf3074*=8, plFlavor=0x6bf3078*=0) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.401] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.402] IWbemClassObject:Get (in: This=0xe335020, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf31f8*=0, plFlavor=0x6bf31fc*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\omnipos.exe\" ", varVal2=0x0), pType=0x6bf31f8*=8, plFlavor=0x6bf31fc*=0) returned 0x0 [0183.402] IWbemClassObject:Get (in: This=0xe335020, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf31f8*=8, plFlavor=0x6bf31fc*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\omnipos.exe\" ", varVal2=0x0), pType=0x6bf31f8*=8, plFlavor=0x6bf31fc*=0) returned 0x0 [0183.402] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.402] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe333370, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe333370) returned 0x0 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.511] IUnknown:AddRef (This=0xe333370) returned 0x3 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.511] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe333374) returned 0x0 [0183.512] IMarshal:GetUnmarshalClass (in: This=0xe333374, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.512] IUnknown:Release (This=0xe333374) returned 0x3 [0183.512] IUnknown:QueryInterface (in: This=0xe333370, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.512] IUnknown:Release (This=0xe333370) returned 0x2 [0183.512] IUnknown:QueryInterface (in: This=0xe333370, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe333370) returned 0x0 [0183.512] IUnknown:AddRef (This=0xe333370) returned 0x4 [0183.512] IUnknown:Release (This=0xe333370) returned 0x3 [0183.512] IUnknown:Release (This=0xe333370) returned 0x2 [0183.512] CoTaskMemFree (pv=0xc16588) [0183.512] IUnknown:AddRef (This=0xe333370) returned 0x3 [0183.512] IWbemClassObject:Get (in: This=0xe333370, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.513] IWbemClassObject:Get (in: This=0xe333370, wszName="__PATH", lFlags=0, pVal=0x18ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edcc*=0, plFlavor=0x18edc8*=0 | out: pVal=0x18ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"", varVal2=0x0), pType=0x18edcc*=8, plFlavor=0x18edc8*=64) returned 0x0 [0183.513] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.513] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.513] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.513] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.514] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc163e8) returned 0x0 [0183.514] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.514] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324c38) returned 0x0 [0183.514] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0183.515] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324c38) returned 0x0 [0183.515] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.515] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.515] WbemDefPath:IUnknown:AddRef (This=0xe324c38) returned 0x3 [0183.515] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.515] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.515] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe309690) returned 0x0 [0183.515] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe309690, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.515] WbemDefPath:IUnknown:Release (This=0xe309690) returned 0x3 [0183.516] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.516] WbemDefPath:IUnknown:Release (This=0xe324c38) returned 0x2 [0183.516] WbemDefPath:IUnknown:Release (This=0xe324c38) returned 0x1 [0183.516] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324c38, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324c38) returned 0x0 [0183.516] WbemDefPath:IUnknown:AddRef (This=0xe324c38) returned 0x3 [0183.516] WbemDefPath:IUnknown:Release (This=0xe324c38) returned 0x2 [0183.516] WbemDefPath:IWbemPath:SetText (This=0xe324c38, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x0 [0183.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.516] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.516] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.516] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.516] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.517] IWbemClassObject:Get (in: This=0xe333370, wszName="ProcessId", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3ca0*=0, plFlavor=0x6bf3ca4*=0 | out: pVal=0x18ed68*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1004, varVal2=0x0), pType=0x6bf3ca0*=19, plFlavor=0x6bf3ca4*=0) returned 0x0 [0183.517] IWbemClassObject:Get (in: This=0xe333370, wszName="ProcessId", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3ca0*=19, plFlavor=0x6bf3ca4*=0 | out: pVal=0x18ed70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1004, varVal2=0x0), pType=0x6bf3ca0*=19, plFlavor=0x6bf3ca4*=0) returned 0x0 [0183.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.517] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.517] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.517] IWbemClassObject:Get (in: This=0xe333370, wszName="Name", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3dec*=0, plFlavor=0x6bf3df0*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x6bf3dec*=8, plFlavor=0x6bf3df0*=0) returned 0x0 [0183.517] IWbemClassObject:Get (in: This=0xe333370, wszName="Name", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3dec*=8, plFlavor=0x6bf3df0*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x6bf3dec*=8, plFlavor=0x6bf3df0*=0) returned 0x0 [0183.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.517] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0xf, pszText=0x0) returned 0x0 [0183.517] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed68*=0xf, pszText="00000000000000" | out: puBuffLength=0x18ed68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.518] IWbemClassObject:Get (in: This=0xe333370, wszName="CommandLine", lFlags=0, pVal=0x18ed68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3f70*=0, plFlavor=0x6bf3f74*=0 | out: pVal=0x18ed68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\spcwin.exe\" ", varVal2=0x0), pType=0x6bf3f70*=8, plFlavor=0x6bf3f74*=0) returned 0x0 [0183.518] IWbemClassObject:Get (in: This=0xe333370, wszName="CommandLine", lFlags=0, pVal=0x18ed70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6bf3f70*=8, plFlavor=0x6bf3f74*=0 | out: pVal=0x18ed70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft Office\\spcwin.exe\" ", varVal2=0x0), pType=0x6bf3f70*=8, plFlavor=0x6bf3f74*=0) returned 0x0 [0183.518] CoTaskMemAlloc (cb=0x4) returned 0xc16408 [0183.518] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16408, puReturned=0x6bb7a50 | out: apObjects=0xc16408*=0xe3351b8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.618] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e3d0 | out: ppvObject=0x18e3d0*=0xe3351b8) returned 0x0 [0183.618] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e38c | out: ppvObject=0x18e38c*=0x0) returned 0x80004002 [0183.618] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e1ac | out: ppvObject=0x18e1ac*=0x0) returned 0x80004002 [0183.618] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df84 | out: ppvObject=0x18df84*=0x0) returned 0x80004002 [0183.618] IUnknown:AddRef (This=0xe3351b8) returned 0x3 [0183.619] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.619] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.619] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe3351bc) returned 0x0 [0183.619] IMarshal:GetUnmarshalClass (in: This=0xe3351bc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.619] IUnknown:Release (This=0xe3351bc) returned 0x3 [0183.619] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e194 | out: ppvObject=0x18e194*=0x0) returned 0x80004002 [0183.620] IUnknown:Release (This=0xe3351b8) returned 0x2 [0183.620] IUnknown:QueryInterface (in: This=0xe3351b8, riid=0x18e710*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e70c | out: ppvObject=0x18e70c*=0xe3351b8) returned 0x0 [0183.620] IUnknown:AddRef (This=0xe3351b8) returned 0x4 [0183.620] IUnknown:Release (This=0xe3351b8) returned 0x3 [0183.620] IUnknown:Release (This=0xe3351b8) returned 0x2 [0183.620] CoTaskMemFree (pv=0xc16408) [0183.620] IUnknown:AddRef (This=0xe3351b8) returned 0x3 [0183.620] IWbemClassObject:Get (in: This=0xe3351b8, wszName="__GENUS", lFlags=0, pVal=0x18ed64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ede4*=0, plFlavor=0x18ede0*=0 | out: pVal=0x18ed64*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18ede4*=3, plFlavor=0x18ede0*=64) returned 0x0 [0183.622] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.622] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.622] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.622] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.624] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16478) returned 0x0 [0183.624] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16478, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8f4 | out: ppvObject=0x18e8f4*=0x0) returned 0x80004002 [0183.624] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16478, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e900 | out: ppvObject=0x18e900*=0xe324ca8) returned 0x0 [0183.624] WbemDefPath:IUnknown:Release (This=0xc16478) returned 0x0 [0183.624] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e524 | out: ppvObject=0x18e524*=0xe324ca8) returned 0x0 [0183.625] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4e0 | out: ppvObject=0x18e4e0*=0x0) returned 0x80004002 [0183.625] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0d4 | out: ppvObject=0x18e0d4*=0x0) returned 0x80004002 [0183.625] WbemDefPath:IUnknown:AddRef (This=0xe324ca8) returned 0x3 [0183.625] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.625] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.626] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe308a00) returned 0x0 [0183.626] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308a00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.626] WbemDefPath:IUnknown:Release (This=0xe308a00) returned 0x3 [0183.626] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2e4 | out: ppvObject=0x18e2e4*=0x0) returned 0x80004002 [0183.626] WbemDefPath:IUnknown:Release (This=0xe324ca8) returned 0x2 [0183.626] WbemDefPath:IUnknown:Release (This=0xe324ca8) returned 0x1 [0183.626] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324ca8, riid=0x18ec20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ec1c | out: ppvObject=0x18ec1c*=0xe324ca8) returned 0x0 [0183.627] WbemDefPath:IUnknown:AddRef (This=0xe324ca8) returned 0x3 [0183.627] WbemDefPath:IUnknown:Release (This=0xe324ca8) returned 0x2 [0183.627] WbemDefPath:IWbemPath:SetText (This=0xe324ca8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x0 [0183.627] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18eda0 | out: puCount=0x18eda0*=0x2) returned 0x0 [0183.627] WbemDefPath:IWbemPath:GetText (in: This=0xbc3520, lFlags=4, puBuffLength=0x18ed9c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed9c*=0xf, pszText=0x0) returned 0x0 [0183.627] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.627] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.628] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.628] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0183.629] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0xe334cf0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.637] IUnknown:AddRef (This=0xe334cf0) returned 0x3 [0183.637] IUnknown:QueryInterface (in: This=0xe334cf0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.637] IUnknown:QueryInterface (in: This=0xe334cf0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.637] IUnknown:QueryInterface (in: This=0xe334cf0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe334cf4) returned 0x0 [0183.637] IMarshal:GetUnmarshalClass (in: This=0xe334cf4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.637] IUnknown:Release (This=0xe334cf4) returned 0x3 [0183.637] IUnknown:Release (This=0xe334cf0) returned 0x2 [0183.637] CoTaskMemFree (pv=0xc16488) [0183.638] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.638] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.638] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.638] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.639] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc164b8) returned 0x0 [0183.640] WbemDefPath:IUnknown:AddRef (This=0xe324f48) returned 0x3 [0183.640] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324f48, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.640] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324f48, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.640] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324f48, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe308a48) returned 0x0 [0183.640] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308a48, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.640] WbemDefPath:IUnknown:Release (This=0xe308a48) returned 0x3 [0183.640] WbemDefPath:IUnknown:Release (This=0xe324f48) returned 0x2 [0183.640] WbemDefPath:IUnknown:Release (This=0xe324f48) returned 0x1 [0183.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.642] CoTaskMemAlloc (cb=0x4) returned 0xc16438 [0183.642] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16438, puReturned=0x6bb7a50 | out: apObjects=0xc16438*=0xe334690, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.643] IUnknown:AddRef (This=0xe334690) returned 0x3 [0183.643] IUnknown:QueryInterface (in: This=0xe334690, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.643] IUnknown:QueryInterface (in: This=0xe334690, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.643] IUnknown:QueryInterface (in: This=0xe334690, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe334694) returned 0x0 [0183.643] IMarshal:GetUnmarshalClass (in: This=0xe334694, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.646] IUnknown:Release (This=0xe334694) returned 0x3 [0183.646] IUnknown:Release (This=0xe334690) returned 0x2 [0183.646] CoTaskMemFree (pv=0xc16438) [0183.646] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.646] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.646] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.646] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.647] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16468) returned 0x0 [0183.648] WbemDefPath:IUnknown:AddRef (This=0xe3248b8) returned 0x3 [0183.648] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3248b8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.648] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3248b8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.648] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3248b8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe308ef8) returned 0x0 [0183.648] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308ef8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.648] WbemDefPath:IUnknown:Release (This=0xe308ef8) returned 0x3 [0183.649] WbemDefPath:IUnknown:Release (This=0xe3248b8) returned 0x2 [0183.649] WbemDefPath:IUnknown:Release (This=0xe3248b8) returned 0x1 [0183.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.650] CoTaskMemAlloc (cb=0x4) returned 0xc16478 [0183.650] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16478, puReturned=0x6bb7a50 | out: apObjects=0xc16478*=0xe333508, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.651] IUnknown:AddRef (This=0xe333508) returned 0x3 [0183.651] IUnknown:QueryInterface (in: This=0xe333508, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.651] IUnknown:QueryInterface (in: This=0xe333508, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.651] IUnknown:QueryInterface (in: This=0xe333508, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe33350c) returned 0x0 [0183.651] IMarshal:GetUnmarshalClass (in: This=0xe33350c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.651] IUnknown:Release (This=0xe33350c) returned 0x3 [0183.652] IUnknown:Release (This=0xe333508) returned 0x2 [0183.652] CoTaskMemFree (pv=0xc16478) [0183.652] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.652] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.652] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.652] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.653] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc164b8) returned 0x0 [0183.654] WbemDefPath:IUnknown:AddRef (This=0xe324928) returned 0x3 [0183.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324928, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324928, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.654] WbemDefPath:IUnknown:QueryInterface (in: This=0xe324928, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe3090d8) returned 0x0 [0183.654] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3090d8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.654] WbemDefPath:IUnknown:Release (This=0xe3090d8) returned 0x3 [0183.654] WbemDefPath:IUnknown:Release (This=0xe324928) returned 0x2 [0183.654] WbemDefPath:IUnknown:Release (This=0xe324928) returned 0x1 [0183.655] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.655] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.655] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.655] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.655] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe334e88, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.773] IUnknown:AddRef (This=0xe334e88) returned 0x3 [0183.773] IUnknown:QueryInterface (in: This=0xe334e88, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.773] IUnknown:QueryInterface (in: This=0xe334e88, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.773] IUnknown:QueryInterface (in: This=0xe334e88, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe334e8c) returned 0x0 [0183.773] IMarshal:GetUnmarshalClass (in: This=0xe334e8c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.774] IUnknown:Release (This=0xe334e8c) returned 0x3 [0183.774] IUnknown:Release (This=0xe334e88) returned 0x2 [0183.774] CoTaskMemFree (pv=0xc16588) [0183.774] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.774] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.774] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.774] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.775] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16478) returned 0x0 [0183.776] WbemDefPath:IUnknown:AddRef (This=0xe325178) returned 0x3 [0183.776] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325178, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.776] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325178, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.776] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325178, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe308fd0) returned 0x0 [0183.776] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe308fd0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.776] WbemDefPath:IUnknown:Release (This=0xe308fd0) returned 0x3 [0183.777] WbemDefPath:IUnknown:Release (This=0xe325178) returned 0x2 [0183.777] WbemDefPath:IUnknown:Release (This=0xe325178) returned 0x1 [0183.777] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.777] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.777] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.778] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0183.778] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0xe3349c0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.779] IUnknown:AddRef (This=0xe3349c0) returned 0x3 [0183.779] IUnknown:QueryInterface (in: This=0xe3349c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.779] IUnknown:QueryInterface (in: This=0xe3349c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.779] IUnknown:QueryInterface (in: This=0xe3349c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe3349c4) returned 0x0 [0183.779] IMarshal:GetUnmarshalClass (in: This=0xe3349c4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.779] IUnknown:Release (This=0xe3349c4) returned 0x3 [0183.780] IUnknown:Release (This=0xe3349c0) returned 0x2 [0183.780] CoTaskMemFree (pv=0xc16488) [0183.780] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.780] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.780] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.780] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.781] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16448) returned 0x0 [0183.782] WbemDefPath:IUnknown:AddRef (This=0xe325098) returned 0x3 [0183.782] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325098, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.782] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325098, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.782] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325098, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe31acb8) returned 0x0 [0183.782] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31acb8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.782] WbemDefPath:IUnknown:Release (This=0xe31acb8) returned 0x3 [0183.782] WbemDefPath:IUnknown:Release (This=0xe325098) returned 0x2 [0183.782] WbemDefPath:IUnknown:Release (This=0xe325098) returned 0x1 [0183.782] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.783] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.783] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.783] CoTaskMemAlloc (cb=0x4) returned 0xc163f8 [0183.783] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163f8, puReturned=0x6bb7a50 | out: apObjects=0xc163f8*=0xe333838, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.801] IUnknown:AddRef (This=0xe333838) returned 0x3 [0183.801] IUnknown:QueryInterface (in: This=0xe333838, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.801] IUnknown:QueryInterface (in: This=0xe333838, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.801] IUnknown:QueryInterface (in: This=0xe333838, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe33383c) returned 0x0 [0183.801] IMarshal:GetUnmarshalClass (in: This=0xe33383c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.801] IUnknown:Release (This=0xe33383c) returned 0x3 [0183.801] IUnknown:Release (This=0xe333838) returned 0x2 [0183.801] CoTaskMemFree (pv=0xc163f8) [0183.802] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.802] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.802] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.802] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.803] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0183.804] WbemDefPath:IUnknown:AddRef (This=0xe3244c8) returned 0x3 [0183.804] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3244c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.804] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3244c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.804] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3244c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe31ab80) returned 0x0 [0183.804] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31ab80, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.804] WbemDefPath:IUnknown:Release (This=0xe31ab80) returned 0x3 [0183.804] WbemDefPath:IUnknown:Release (This=0xe3244c8) returned 0x2 [0183.804] WbemDefPath:IUnknown:Release (This=0xe3244c8) returned 0x1 [0183.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.805] CoTaskMemAlloc (cb=0x4) returned 0xc163e8 [0183.805] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163e8, puReturned=0x6bb7a50 | out: apObjects=0xc163e8*=0xe3344f8, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.806] IUnknown:AddRef (This=0xe3344f8) returned 0x3 [0183.806] IUnknown:QueryInterface (in: This=0xe3344f8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.806] IUnknown:QueryInterface (in: This=0xe3344f8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.807] IUnknown:QueryInterface (in: This=0xe3344f8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe3344fc) returned 0x0 [0183.807] IMarshal:GetUnmarshalClass (in: This=0xe3344fc, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.807] IUnknown:Release (This=0xe3344fc) returned 0x3 [0183.807] IUnknown:Release (This=0xe3344f8) returned 0x2 [0183.807] CoTaskMemFree (pv=0xc163e8) [0183.807] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.807] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.807] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.807] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.808] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16488) returned 0x0 [0183.809] WbemDefPath:IUnknown:AddRef (This=0xe3253a8) returned 0x3 [0183.809] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3253a8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.809] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3253a8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.809] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3253a8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe319f08) returned 0x0 [0183.809] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe319f08, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.809] WbemDefPath:IUnknown:Release (This=0xe319f08) returned 0x3 [0183.809] WbemDefPath:IUnknown:Release (This=0xe3253a8) returned 0x2 [0183.809] WbemDefPath:IUnknown:Release (This=0xe3253a8) returned 0x1 [0183.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.810] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0183.810] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6bb7a50 | out: apObjects=0xc16518*=0xe3339d0, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.811] IUnknown:AddRef (This=0xe3339d0) returned 0x3 [0183.812] IUnknown:QueryInterface (in: This=0xe3339d0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.812] IUnknown:QueryInterface (in: This=0xe3339d0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.812] IUnknown:QueryInterface (in: This=0xe3339d0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe3339d4) returned 0x0 [0183.812] IMarshal:GetUnmarshalClass (in: This=0xe3339d4, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.812] IUnknown:Release (This=0xe3339d4) returned 0x3 [0183.812] IUnknown:Release (This=0xe3339d0) returned 0x2 [0183.812] CoTaskMemFree (pv=0xc16518) [0183.812] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.812] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.812] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.812] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.813] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16518) returned 0x0 [0183.814] WbemDefPath:IUnknown:AddRef (This=0xe325338) returned 0x3 [0183.814] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325338, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.814] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325338, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.814] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325338, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe31a058) returned 0x0 [0183.814] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a058, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.814] WbemDefPath:IUnknown:Release (This=0xe31a058) returned 0x3 [0183.815] WbemDefPath:IUnknown:Release (This=0xe325338) returned 0x2 [0183.815] WbemDefPath:IUnknown:Release (This=0xe325338) returned 0x1 [0183.815] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.815] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.819] CoTaskMemAlloc (cb=0x4) returned 0xc163e8 [0183.819] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc163e8, puReturned=0x6bb7a50 | out: apObjects=0xc163e8*=0xe333d00, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.820] IUnknown:AddRef (This=0xe333d00) returned 0x3 [0183.820] IUnknown:QueryInterface (in: This=0xe333d00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.820] IUnknown:QueryInterface (in: This=0xe333d00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.820] IUnknown:QueryInterface (in: This=0xe333d00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe333d04) returned 0x0 [0183.820] IMarshal:GetUnmarshalClass (in: This=0xe333d04, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.820] IUnknown:Release (This=0xe333d04) returned 0x3 [0183.821] IUnknown:Release (This=0xe333d00) returned 0x2 [0183.821] CoTaskMemFree (pv=0xc163e8) [0183.821] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.821] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.821] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.821] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.822] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16478) returned 0x0 [0183.822] WbemDefPath:IUnknown:AddRef (This=0xe3252c8) returned 0x3 [0183.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3252c8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3252c8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.823] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3252c8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe31a2c8) returned 0x0 [0183.823] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a2c8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.823] WbemDefPath:IUnknown:Release (This=0xe31a2c8) returned 0x3 [0183.823] WbemDefPath:IUnknown:Release (This=0xe3252c8) returned 0x2 [0183.823] WbemDefPath:IUnknown:Release (This=0xe3252c8) returned 0x1 [0183.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.824] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.824] CoTaskMemAlloc (cb=0x4) returned 0xc16588 [0183.824] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16588, puReturned=0x6bb7a50 | out: apObjects=0xc16588*=0xe334030, puReturned=0x6bb7a50*=0x1) returned 0x0 [0183.827] IUnknown:AddRef (This=0xe334030) returned 0x3 [0183.827] IUnknown:QueryInterface (in: This=0xe334030, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dce4 | out: ppvObject=0x18dce4*=0x0) returned 0x80004002 [0183.827] IUnknown:QueryInterface (in: This=0xe334030, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc94 | out: ppvObject=0x18dc94*=0x0) returned 0x80004002 [0183.827] IUnknown:QueryInterface (in: This=0xe334030, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dca0 | out: ppvObject=0x18dca0*=0xe334034) returned 0x0 [0183.827] IMarshal:GetUnmarshalClass (in: This=0xe334034, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dca8 | out: pCid=0x18dca8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0183.827] IUnknown:Release (This=0xe334034) returned 0x3 [0183.827] IUnknown:Release (This=0xe334030) returned 0x2 [0183.827] CoTaskMemFree (pv=0xc16588) [0183.827] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed74 | out: ppv=0x18ed74*=0xb71a3c) returned 0x0 [0183.827] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed6c | out: pAptType=0x18ed6c*=1) returned 0x0 [0183.827] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed70 | out: ppvObject=0x18ed70*=0x0) returned 0x80004002 [0183.828] IUnknown:Release (This=0xb71a3c) returned 0x1 [0183.829] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6d8 | out: ppv=0x18e6d8*=0xc16588) returned 0x0 [0183.829] WbemDefPath:IUnknown:AddRef (This=0xe325258) returned 0x3 [0183.829] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325258, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de34 | out: ppvObject=0x18de34*=0x0) returned 0x80004002 [0183.829] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325258, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dde4 | out: ppvObject=0x18dde4*=0x0) returned 0x80004002 [0183.829] WbemDefPath:IUnknown:QueryInterface (in: This=0xe325258, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddf0 | out: ppvObject=0x18ddf0*=0xe31a220) returned 0x0 [0183.829] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a220, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddf8 | out: pCid=0x18ddf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.829] WbemDefPath:IUnknown:Release (This=0xe31a220) returned 0x3 [0183.830] WbemDefPath:IUnknown:Release (This=0xe325258) returned 0x2 [0183.830] WbemDefPath:IUnknown:Release (This=0xe325258) returned 0x1 [0183.830] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.830] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.830] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xbc3520, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0183.831] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0183.831] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6bb7a50 | out: apObjects=0xc16488*=0x0, puReturned=0x6bb7a50*=0x0) returned 0x1 [0183.836] CoTaskMemFree (pv=0xc16488) [0183.837] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0183.837] IUnknown:Release (This=0xb7aa10) returned 0x0 [0183.840] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0183.840] IUnknown:Release (This=0xb7a498) returned 0x0 [0183.878] CoCreateGuid (in: pguid=0x18ec10 | out: pguid=0x18ec10*(Data1=0x325f201a, Data2=0x2c60, Data3=0x40db, Data4=([0]=0xad, [1]=0xdb, [2]=0x9e, [3]=0xc3, [4]=0xb3, [5]=0x4a, [6]=0xf0, [7]=0xfe))) returned 0x0 [0183.879] CoCreateGuid (in: pguid=0x18eb50 | out: pguid=0x18eb50*(Data1=0x84ccc949, Data2=0x1a0, Data3=0x4bf4, Data4=([0]=0x8f, [1]=0x56, [2]=0xb1, [3]=0x30, [4]=0xd3, [5]=0xab, [6]=0xf8, [7]=0xfc))) returned 0x0 [0183.881] send (s=0x348, buf=0x839ad9f*, len=8713, flags=0) returned 8713 [0183.886] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 125 [0184.079] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed58 | out: ppv=0x18ed58*=0xb71a3c) returned 0x0 [0184.080] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed50 | out: pAptType=0x18ed50*=1) returned 0x0 [0184.080] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed54 | out: ppvObject=0x18ed54*=0x0) returned 0x80004002 [0184.080] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.081] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6c0 | out: ppv=0x18e6c0*=0xc163e8) returned 0x0 [0184.081] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0x0) returned 0x80004002 [0184.081] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8e8 | out: ppvObject=0x18e8e8*=0xe300830) returned 0x0 [0184.081] WbemDefPath:IUnknown:Release (This=0xc163e8) returned 0x0 [0184.081] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0xe300830) returned 0x0 [0184.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c8 | out: ppvObject=0x18e4c8*=0x0) returned 0x80004002 [0184.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0bc | out: ppvObject=0x18e0bc*=0x0) returned 0x80004002 [0184.082] WbemDefPath:IUnknown:AddRef (This=0xe300830) returned 0x3 [0184.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0184.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0184.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd8 | out: ppvObject=0x18ddd8*=0xe31a508) returned 0x0 [0184.082] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a508, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dde0 | out: pCid=0x18dde0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.082] WbemDefPath:IUnknown:Release (This=0xe31a508) returned 0x3 [0184.082] CoGetContextToken (in: pToken=0x18de38 | out: pToken=0x18de38) returned 0x0 [0184.082] CoGetContextToken (in: pToken=0x18e240 | out: pToken=0x18e240) returned 0x0 [0184.082] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2cc | out: ppvObject=0x18e2cc*=0x0) returned 0x80004002 [0184.083] WbemDefPath:IUnknown:Release (This=0xe300830) returned 0x2 [0184.083] WbemDefPath:IUnknown:Release (This=0xe300830) returned 0x1 [0184.083] CoGetContextToken (in: pToken=0x18ebd0 | out: pToken=0x18ebd0) returned 0x0 [0184.083] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0184.083] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300830, riid=0x18ec00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebfc | out: ppvObject=0x18ebfc*=0xe300830) returned 0x0 [0184.083] WbemDefPath:IUnknown:AddRef (This=0xe300830) returned 0x3 [0184.083] WbemDefPath:IUnknown:Release (This=0xe300830) returned 0x2 [0184.083] WbemDefPath:IWbemPath:SetText (This=0xe300830, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0184.083] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300830, puCount=0x18ed80 | out: puCount=0x18ed80*=0x2) returned 0x0 [0184.083] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=4, puBuffLength=0x18ed7c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed7c*=0x18, pszText=0x0) returned 0x0 [0184.083] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=4, puBuffLength=0x18ed7c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed7c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.083] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300830, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0184.083] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0x18, pszText=0x0) returned 0x0 [0184.083] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=4, puBuffLength=0x18ed68*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed68*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.083] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ecfc | out: ppv=0x18ecfc*=0xb71a3c) returned 0x0 [0184.083] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ecf4 | out: pAptType=0x18ecf4*=1) returned 0x0 [0184.084] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ecf8 | out: ppvObject=0x18ecf8*=0x0) returned 0x80004002 [0184.084] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.084] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e908 | out: ppv=0x18e908*=0xe31a6e8) returned 0x0 [0184.084] WbemLocator:IUnknown:QueryInterface (in: This=0xe31a6e8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0x0) returned 0x80004002 [0184.085] WbemLocator:IClassFactory:CreateInstance (in: This=0xe31a6e8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xc16428) returned 0x0 [0184.085] WbemLocator:IUnknown:Release (This=0xe31a6e8) returned 0x0 [0184.085] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0xc16428) returned 0x0 [0184.085] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0x0) returned 0x80004002 [0184.085] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e304 | out: ppvObject=0x18e304*=0x0) returned 0x80004002 [0184.085] WbemLocator:IUnknown:AddRef (This=0xc16428) returned 0x3 [0184.086] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e064 | out: ppvObject=0x18e064*=0x0) returned 0x80004002 [0184.086] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0184.086] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e020 | out: ppvObject=0x18e020*=0x0) returned 0x80004002 [0184.086] CoGetContextToken (in: pToken=0x18e080 | out: pToken=0x18e080) returned 0x0 [0184.086] CoGetContextToken (in: pToken=0x18e488 | out: pToken=0x18e488) returned 0x0 [0184.086] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e514 | out: ppvObject=0x18e514*=0x0) returned 0x80004002 [0184.086] WbemLocator:IUnknown:Release (This=0xc16428) returned 0x2 [0184.086] WbemLocator:IUnknown:Release (This=0xc16428) returned 0x1 [0184.086] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0184.086] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0184.086] WbemLocator:IUnknown:QueryInterface (in: This=0xc16428, riid=0x18eb40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xc16428) returned 0x0 [0184.086] WbemLocator:IUnknown:AddRef (This=0xc16428) returned 0x3 [0184.088] WbemLocator:IUnknown:Release (This=0xc16428) returned 0x2 [0184.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300830, puCount=0x18ecd8 | out: puCount=0x18ecd8*=0x2) returned 0x0 [0184.089] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=8, puBuffLength=0x18ecd4*=0x0, pszText=0x0 | out: puBuffLength=0x18ecd4*=0x18, pszText=0x0) returned 0x0 [0184.089] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=8, puBuffLength=0x18ecd4*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ecd4*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.089] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18eb9c | out: ppv=0x18eb9c*=0xc16488) returned 0x0 [0184.089] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc16488, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec44 | out: ppNamespace=0x18ec44*=0xe31d668) returned 0x0 [0184.170] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d668, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eac4 | out: ppvObject=0x18eac4*=0xbbf8dc) returned 0x0 [0184.170] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbf8dc, pProxy=0xe31d668, pAuthnSvc=0x18eb14, pAuthzSvc=0x18eb10, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c, pImpLevel=0x18eafc, pAuthInfo=0x18eb00, pCapabilites=0x18eb04 | out: pAuthnSvc=0x18eb14*=0xa, pAuthzSvc=0x18eb10*=0x0, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c*=0x6, pImpLevel=0x18eafc*=0x2, pAuthInfo=0x18eb00, pCapabilites=0x18eb04*=0x1) returned 0x0 [0184.170] WbemLocator:IUnknown:Release (This=0xbbf8dc) returned 0x1 [0184.170] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d668, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eab8 | out: ppvObject=0x18eab8*=0xbbf900) returned 0x0 [0184.170] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d668, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xbbf8dc) returned 0x0 [0184.170] WbemLocator:IClientSecurity:SetBlanket (This=0xbbf8dc, pProxy=0xe31d668, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.171] WbemLocator:IUnknown:Release (This=0xbbf8dc) returned 0x2 [0184.171] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x1 [0184.171] CoTaskMemFree (pv=0xe2f2a68) [0184.171] WbemLocator:IUnknown:Release (This=0xc16488) returned 0x0 [0184.171] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d668, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0xbbf900) returned 0x0 [0184.171] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e670 | out: ppvObject=0x18e670*=0x0) returned 0x80004002 [0184.172] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0184.172] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d668, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e264 | out: ppvObject=0x18e264*=0x0) returned 0x80004002 [0184.173] WbemLocator:IUnknown:AddRef (This=0xbbf900) returned 0x3 [0184.173] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0184.173] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df74 | out: ppvObject=0x18df74*=0x0) returned 0x80004002 [0184.173] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df80 | out: ppvObject=0x18df80*=0xbbf85c) returned 0x0 [0184.173] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf85c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df88 | out: pCid=0x18df88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.173] WbemLocator:IUnknown:Release (This=0xbbf85c) returned 0x3 [0184.173] CoGetContextToken (in: pToken=0x18dfe0 | out: pToken=0x18dfe0) returned 0x0 [0184.174] CoGetContextToken (in: pToken=0x18e3e8 | out: pToken=0x18e3e8) returned 0x0 [0184.174] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e474 | out: ppvObject=0x18e474*=0xbbf8e4) returned 0x0 [0184.174] WbemLocator:IRpcOptions:Query (in: This=0xbbf8e4, pPrx=0xbbf900, dwProperty=2, pdwValue=0x18e480 | out: pdwValue=0x18e480) returned 0x80004002 [0184.174] WbemLocator:IUnknown:Release (This=0xbbf8e4) returned 0x3 [0184.174] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x2 [0184.174] CoGetContextToken (in: pToken=0x18e9c8 | out: pToken=0x18e9c8) returned 0x0 [0184.174] CoGetContextToken (in: pToken=0x18e928 | out: pToken=0x18e928) returned 0x0 [0184.174] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x18e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e9f4 | out: ppvObject=0x18e9f4*=0xe31d668) returned 0x0 [0184.174] WbemLocator:IUnknown:AddRef (This=0xe31d668) returned 0x4 [0184.175] WbemLocator:IUnknown:Release (This=0xe31d668) returned 0x3 [0184.175] WbemLocator:IUnknown:Release (This=0xe31d668) returned 0x2 [0184.175] SysStringLen (param_1=0x0) returned 0x0 [0184.175] CoGetContextToken (in: pToken=0x18e9e0 | out: pToken=0x18e9e0) returned 0x0 [0184.175] WbemLocator:IUnknown:AddRef (This=0xbbf900) returned 0x3 [0184.175] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf900, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e874 | out: ppvObject=0x18e874*=0xbbf900) returned 0x0 [0184.175] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x3 [0184.175] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x2 [0184.175] CoGetContextToken (in: pToken=0x18ead8 | out: pToken=0x18ead8) returned 0x0 [0184.175] WbemLocator:IUnknown:AddRef (This=0xe31d668) returned 0x3 [0184.175] IWbemServices:ExecQuery (in: This=0xe31d668, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x18ece4 | out: ppEnum=0x18ece4*=0xb7a3d0) returned 0x0 [0184.305] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb40 | out: ppvObject=0x18eb40*=0xb7a3d4) returned 0x0 [0184.305] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18eb90, pAuthzSvc=0x18eb8c, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88, pImpLevel=0x18eb78, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80 | out: pAuthnSvc=0x18eb90*=0xa, pAuthzSvc=0x18eb8c*=0x0, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88*=0x6, pImpLevel=0x18eb78*=0x2, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80*=0x1) returned 0x0 [0184.305] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0184.305] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb34 | out: ppvObject=0x18eb34*=0xbbec00) returned 0x0 [0184.305] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb20 | out: ppvObject=0x18eb20*=0xb7a3d4) returned 0x0 [0184.305] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.307] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0184.307] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0184.307] CoTaskMemFree (pv=0xe2f28e8) [0184.307] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e72c | out: ppvObject=0x18e72c*=0xbbec00) returned 0x0 [0184.308] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6e8 | out: ppvObject=0x18e6e8*=0x0) returned 0x80004002 [0184.308] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0184.308] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0184.309] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0184.309] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e03c | out: ppvObject=0x18e03c*=0x0) returned 0x80004002 [0184.309] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0184.309] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dff8 | out: ppvObject=0x18dff8*=0xbbeb5c) returned 0x0 [0184.309] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbeb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e000 | out: pCid=0x18e000*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.309] WbemLocator:IUnknown:Release (This=0xbbeb5c) returned 0x3 [0184.309] CoGetContextToken (in: pToken=0x18e058 | out: pToken=0x18e058) returned 0x0 [0184.309] CoGetContextToken (in: pToken=0x18e460 | out: pToken=0x18e460) returned 0x0 [0184.310] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xbbebe4) returned 0x0 [0184.310] WbemLocator:IRpcOptions:Query (in: This=0xbbebe4, pPrx=0xbbec00, dwProperty=2, pdwValue=0x18e4f8 | out: pdwValue=0x18e4f8) returned 0x80004002 [0184.310] WbemLocator:IUnknown:Release (This=0xbbebe4) returned 0x3 [0184.310] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0184.310] CoGetContextToken (in: pToken=0x18ea40 | out: pToken=0x18ea40) returned 0x0 [0184.310] CoGetContextToken (in: pToken=0x18e9a0 | out: pToken=0x18e9a0) returned 0x0 [0184.310] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x18ea70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea6c | out: ppvObject=0x18ea6c*=0xb7a3d0) returned 0x0 [0184.310] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0184.310] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0184.310] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0184.310] WbemLocator:IUnknown:Release (This=0xe31d668) returned 0x2 [0184.310] SysStringLen (param_1=0x0) returned 0x0 [0184.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300830, puCount=0x18ed30 | out: puCount=0x18ed30*=0x2) returned 0x0 [0184.310] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=4, puBuffLength=0x18ed2c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed2c*=0x18, pszText=0x0) returned 0x0 [0184.310] WbemDefPath:IWbemPath:GetText (in: This=0xe300830, lFlags=4, puBuffLength=0x18ed2c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed2c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.310] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0184.310] IUnknown:AddRef (This=0xb7a3d0) returned 0x3 [0184.311] IEnumWbemClassObject:Clone (in: This=0xb7a3d0, ppEnum=0x18ed3c | out: ppEnum=0x18ed3c*=0xb7aa10) returned 0x0 [0184.312] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebf8 | out: ppvObject=0x18ebf8*=0xb7aa14) returned 0x0 [0184.312] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ec48, pAuthzSvc=0x18ec44, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40, pImpLevel=0x18ec30, pAuthInfo=0x18ec34, pCapabilites=0x18ec38 | out: pAuthnSvc=0x18ec48*=0xa, pAuthzSvc=0x18ec44*=0x0, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40*=0x6, pImpLevel=0x18ec30*=0x2, pAuthInfo=0x18ec34, pCapabilites=0x18ec38*=0x1) returned 0x0 [0184.312] IUnknown:Release (This=0xb7aa14) returned 0x1 [0184.312] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebec | out: ppvObject=0x18ebec*=0xbbf300) returned 0x0 [0184.312] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebd8 | out: ppvObject=0x18ebd8*=0xb7aa14) returned 0x0 [0184.312] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.314] IUnknown:Release (This=0xb7aa14) returned 0x2 [0184.314] WbemLocator:IUnknown:Release (This=0xbbf300) returned 0x1 [0184.314] CoTaskMemFree (pv=0xe2f2d38) [0184.314] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7d4 | out: ppvObject=0x18e7d4*=0xbbf300) returned 0x0 [0184.314] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e790 | out: ppvObject=0x18e790*=0x0) returned 0x80004002 [0184.319] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ac | out: ppvObject=0x18e5ac*=0x0) returned 0x80004002 [0184.322] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e384 | out: ppvObject=0x18e384*=0x0) returned 0x80004002 [0184.323] WbemLocator:IUnknown:AddRef (This=0xbbf300) returned 0x3 [0184.323] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0184.323] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e094 | out: ppvObject=0x18e094*=0x0) returned 0x80004002 [0184.323] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0a0 | out: ppvObject=0x18e0a0*=0xbbf25c) returned 0x0 [0184.323] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf25c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0a8 | out: pCid=0x18e0a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.323] WbemLocator:IUnknown:Release (This=0xbbf25c) returned 0x3 [0184.323] CoGetContextToken (in: pToken=0x18e100 | out: pToken=0x18e100) returned 0x0 [0184.323] CoGetContextToken (in: pToken=0x18e508 | out: pToken=0x18e508) returned 0x0 [0184.323] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e594 | out: ppvObject=0x18e594*=0xbbf2e4) returned 0x0 [0184.324] WbemLocator:IRpcOptions:Query (in: This=0xbbf2e4, pPrx=0xbbf300, dwProperty=2, pdwValue=0x18e5a0 | out: pdwValue=0x18e5a0) returned 0x80004002 [0184.324] WbemLocator:IUnknown:Release (This=0xbbf2e4) returned 0x3 [0184.324] WbemLocator:IUnknown:Release (This=0xbbf300) returned 0x2 [0184.324] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0184.324] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0184.324] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x18eb18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xb7aa10) returned 0x0 [0184.324] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0184.324] IUnknown:Release (This=0xb7aa10) returned 0x3 [0184.324] IUnknown:Release (This=0xb7aa10) returned 0x2 [0184.324] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0184.324] SysStringLen (param_1=0x0) returned 0x0 [0184.324] IEnumWbemClassObject:Reset (This=0xb7aa10) returned 0x0 [0184.325] CoTaskMemAlloc (cb=0x4) returned 0xc16418 [0184.325] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16418, puReturned=0x6bff764 | out: apObjects=0xc16418*=0x0, puReturned=0x6bff764*=0x0) returned 0x1 [0184.326] CoTaskMemFree (pv=0xc16418) [0184.327] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0184.327] WbemLocator:IUnknown:Release (This=0xbbf300) returned 0x1 [0184.327] IUnknown:Release (This=0xb7aa10) returned 0x0 [0184.328] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0184.328] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0184.328] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0184.331] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed58 | out: ppv=0x18ed58*=0xb71a3c) returned 0x0 [0184.331] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed50 | out: pAptType=0x18ed50*=1) returned 0x0 [0184.331] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed54 | out: ppvObject=0x18ed54*=0x0) returned 0x80004002 [0184.331] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.332] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6c0 | out: ppv=0x18e6c0*=0xc16438) returned 0x0 [0184.333] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0x0) returned 0x80004002 [0184.333] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8e8 | out: ppvObject=0x18e8e8*=0xe2ffc60) returned 0x0 [0184.333] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0184.333] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0xe2ffc60) returned 0x0 [0184.333] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c8 | out: ppvObject=0x18e4c8*=0x0) returned 0x80004002 [0184.333] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0bc | out: ppvObject=0x18e0bc*=0x0) returned 0x80004002 [0184.334] WbemDefPath:IUnknown:AddRef (This=0xe2ffc60) returned 0x3 [0184.334] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0184.334] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0184.334] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd8 | out: ppvObject=0x18ddd8*=0xe31a598) returned 0x0 [0184.334] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a598, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dde0 | out: pCid=0x18dde0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.334] WbemDefPath:IUnknown:Release (This=0xe31a598) returned 0x3 [0184.334] CoGetContextToken (in: pToken=0x18de38 | out: pToken=0x18de38) returned 0x0 [0184.334] CoGetContextToken (in: pToken=0x18e240 | out: pToken=0x18e240) returned 0x0 [0184.334] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2cc | out: ppvObject=0x18e2cc*=0x0) returned 0x80004002 [0184.335] WbemDefPath:IUnknown:Release (This=0xe2ffc60) returned 0x2 [0184.335] WbemDefPath:IUnknown:Release (This=0xe2ffc60) returned 0x1 [0184.335] CoGetContextToken (in: pToken=0x18ebd0 | out: pToken=0x18ebd0) returned 0x0 [0184.335] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0184.335] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffc60, riid=0x18ec00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebfc | out: ppvObject=0x18ebfc*=0xe2ffc60) returned 0x0 [0184.335] WbemDefPath:IUnknown:AddRef (This=0xe2ffc60) returned 0x3 [0184.335] WbemDefPath:IUnknown:Release (This=0xe2ffc60) returned 0x2 [0184.335] WbemDefPath:IWbemPath:SetText (This=0xe2ffc60, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0184.341] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffc60, puCount=0x18ed80 | out: puCount=0x18ed80*=0x2) returned 0x0 [0184.341] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=4, puBuffLength=0x18ed7c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed7c*=0x18, pszText=0x0) returned 0x0 [0184.341] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=4, puBuffLength=0x18ed7c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed7c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.341] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffc60, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0184.341] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0x18, pszText=0x0) returned 0x0 [0184.341] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=4, puBuffLength=0x18ed68*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed68*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.341] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ecfc | out: ppv=0x18ecfc*=0xb71a3c) returned 0x0 [0184.341] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ecf4 | out: pAptType=0x18ecf4*=1) returned 0x0 [0184.341] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ecf8 | out: ppvObject=0x18ecf8*=0x0) returned 0x80004002 [0184.341] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.342] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e908 | out: ppv=0x18e908*=0xe31a8c8) returned 0x0 [0184.342] WbemLocator:IUnknown:QueryInterface (in: This=0xe31a8c8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0x0) returned 0x80004002 [0184.343] WbemLocator:IClassFactory:CreateInstance (in: This=0xe31a8c8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xc16448) returned 0x0 [0184.343] WbemLocator:IUnknown:Release (This=0xe31a8c8) returned 0x0 [0184.343] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0xc16448) returned 0x0 [0184.343] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0x0) returned 0x80004002 [0184.343] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e304 | out: ppvObject=0x18e304*=0x0) returned 0x80004002 [0184.344] WbemLocator:IUnknown:AddRef (This=0xc16448) returned 0x3 [0184.344] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e064 | out: ppvObject=0x18e064*=0x0) returned 0x80004002 [0184.344] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0184.344] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e020 | out: ppvObject=0x18e020*=0x0) returned 0x80004002 [0184.344] CoGetContextToken (in: pToken=0x18e080 | out: pToken=0x18e080) returned 0x0 [0184.344] CoGetContextToken (in: pToken=0x18e488 | out: pToken=0x18e488) returned 0x0 [0184.344] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e514 | out: ppvObject=0x18e514*=0x0) returned 0x80004002 [0184.344] WbemLocator:IUnknown:Release (This=0xc16448) returned 0x2 [0184.345] WbemLocator:IUnknown:Release (This=0xc16448) returned 0x1 [0184.345] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0184.345] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0184.345] WbemLocator:IUnknown:QueryInterface (in: This=0xc16448, riid=0x18eb40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xc16448) returned 0x0 [0184.345] WbemLocator:IUnknown:AddRef (This=0xc16448) returned 0x3 [0184.345] WbemLocator:IUnknown:Release (This=0xc16448) returned 0x2 [0184.345] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffc60, puCount=0x18ecd8 | out: puCount=0x18ecd8*=0x2) returned 0x0 [0184.345] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=8, puBuffLength=0x18ecd4*=0x0, pszText=0x0 | out: puBuffLength=0x18ecd4*=0x18, pszText=0x0) returned 0x0 [0184.345] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=8, puBuffLength=0x18ecd4*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ecd4*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.345] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18eb9c | out: ppv=0x18eb9c*=0xc164e8) returned 0x0 [0184.345] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc164e8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec44 | out: ppNamespace=0x18ec44*=0xe31d3e8) returned 0x0 [0184.479] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d3e8, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eac4 | out: ppvObject=0x18eac4*=0xbbe4dc) returned 0x0 [0184.480] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbe4dc, pProxy=0xe31d3e8, pAuthnSvc=0x18eb14, pAuthzSvc=0x18eb10, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c, pImpLevel=0x18eafc, pAuthInfo=0x18eb00, pCapabilites=0x18eb04 | out: pAuthnSvc=0x18eb14*=0xa, pAuthzSvc=0x18eb10*=0x0, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c*=0x6, pImpLevel=0x18eafc*=0x2, pAuthInfo=0x18eb00, pCapabilites=0x18eb04*=0x1) returned 0x0 [0184.480] WbemLocator:IUnknown:Release (This=0xbbe4dc) returned 0x1 [0184.480] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d3e8, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eab8 | out: ppvObject=0x18eab8*=0xbbe500) returned 0x0 [0184.480] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d3e8, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xbbe4dc) returned 0x0 [0184.480] WbemLocator:IClientSecurity:SetBlanket (This=0xbbe4dc, pProxy=0xe31d3e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.480] WbemLocator:IUnknown:Release (This=0xbbe4dc) returned 0x2 [0184.480] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x1 [0184.480] CoTaskMemFree (pv=0xe2f2a68) [0184.480] WbemLocator:IUnknown:Release (This=0xc164e8) returned 0x0 [0184.481] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d3e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0xbbe500) returned 0x0 [0184.481] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e670 | out: ppvObject=0x18e670*=0x0) returned 0x80004002 [0184.482] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0184.494] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d3e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e264 | out: ppvObject=0x18e264*=0x0) returned 0x80004002 [0184.524] WbemLocator:IUnknown:AddRef (This=0xbbe500) returned 0x3 [0184.524] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0184.526] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df74 | out: ppvObject=0x18df74*=0x0) returned 0x80004002 [0184.526] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df80 | out: ppvObject=0x18df80*=0xbbe45c) returned 0x0 [0184.526] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe45c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df88 | out: pCid=0x18df88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.526] WbemLocator:IUnknown:Release (This=0xbbe45c) returned 0x3 [0184.526] CoGetContextToken (in: pToken=0x18dfe0 | out: pToken=0x18dfe0) returned 0x0 [0184.526] CoGetContextToken (in: pToken=0x18e3e8 | out: pToken=0x18e3e8) returned 0x0 [0184.526] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e474 | out: ppvObject=0x18e474*=0xbbe4e4) returned 0x0 [0184.527] WbemLocator:IRpcOptions:Query (in: This=0xbbe4e4, pPrx=0xbbe500, dwProperty=2, pdwValue=0x18e480 | out: pdwValue=0x18e480) returned 0x80004002 [0184.527] WbemLocator:IUnknown:Release (This=0xbbe4e4) returned 0x3 [0184.527] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x2 [0184.527] CoGetContextToken (in: pToken=0x18e9c8 | out: pToken=0x18e9c8) returned 0x0 [0184.527] CoGetContextToken (in: pToken=0x18e928 | out: pToken=0x18e928) returned 0x0 [0184.527] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x18e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e9f4 | out: ppvObject=0x18e9f4*=0xe31d3e8) returned 0x0 [0184.527] WbemLocator:IUnknown:AddRef (This=0xe31d3e8) returned 0x4 [0184.527] WbemLocator:IUnknown:Release (This=0xe31d3e8) returned 0x3 [0184.527] WbemLocator:IUnknown:Release (This=0xe31d3e8) returned 0x2 [0184.527] SysStringLen (param_1=0x0) returned 0x0 [0184.527] CoGetContextToken (in: pToken=0x18e9e0 | out: pToken=0x18e9e0) returned 0x0 [0184.527] WbemLocator:IUnknown:AddRef (This=0xbbe500) returned 0x3 [0184.527] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe500, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e874 | out: ppvObject=0x18e874*=0xbbe500) returned 0x0 [0184.527] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x3 [0184.528] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x2 [0184.528] CoGetContextToken (in: pToken=0x18ead0 | out: pToken=0x18ead0) returned 0x0 [0184.528] WbemLocator:IUnknown:AddRef (This=0xe31d3e8) returned 0x3 [0184.528] IWbemServices:ExecQuery (in: This=0xe31d3e8, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x18ece4 | out: ppEnum=0x18ece4*=0xb7aa10) returned 0x0 [0184.581] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xb7aa14) returned 0x0 [0184.582] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18eb8c, pAuthzSvc=0x18eb88, pServerPrincName=0x18eb80, pAuthnLevel=0x18eb84, pImpLevel=0x18eb74, pAuthInfo=0x18eb78, pCapabilites=0x18eb7c | out: pAuthnSvc=0x18eb8c*=0xa, pAuthzSvc=0x18eb88*=0x0, pServerPrincName=0x18eb80, pAuthnLevel=0x18eb84*=0x6, pImpLevel=0x18eb74*=0x2, pAuthInfo=0x18eb78, pCapabilites=0x18eb7c*=0x1) returned 0x0 [0184.582] IUnknown:Release (This=0xb7aa14) returned 0x1 [0184.582] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xbbf600) returned 0x0 [0184.582] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb1c | out: ppvObject=0x18eb1c*=0xb7aa14) returned 0x0 [0184.582] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.699] IUnknown:Release (This=0xb7aa14) returned 0x2 [0184.699] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0184.700] CoTaskMemFree (pv=0xe2f2c78) [0184.700] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e728 | out: ppvObject=0x18e728*=0xbbf600) returned 0x0 [0184.700] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6e4 | out: ppvObject=0x18e6e4*=0x0) returned 0x80004002 [0184.701] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0184.701] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0184.702] WbemLocator:IUnknown:AddRef (This=0xbbf600) returned 0x3 [0184.702] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e03c | out: ppvObject=0x18e03c*=0x0) returned 0x80004002 [0184.702] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0184.702] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dff8 | out: ppvObject=0x18dff8*=0xbbf55c) returned 0x0 [0184.702] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf55c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e000 | out: pCid=0x18e000*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.702] WbemLocator:IUnknown:Release (This=0xbbf55c) returned 0x3 [0184.702] CoGetContextToken (in: pToken=0x18e058 | out: pToken=0x18e058) returned 0x0 [0184.702] CoGetContextToken (in: pToken=0x18e460 | out: pToken=0x18e460) returned 0x0 [0184.702] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xbbf5e4) returned 0x0 [0184.702] WbemLocator:IRpcOptions:Query (in: This=0xbbf5e4, pPrx=0xbbf600, dwProperty=2, pdwValue=0x18e4f8 | out: pdwValue=0x18e4f8) returned 0x80004002 [0184.703] WbemLocator:IUnknown:Release (This=0xbbf5e4) returned 0x3 [0184.703] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x2 [0184.703] CoGetContextToken (in: pToken=0x18ea38 | out: pToken=0x18ea38) returned 0x0 [0184.703] CoGetContextToken (in: pToken=0x18e998 | out: pToken=0x18e998) returned 0x0 [0184.703] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x18ea68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea64 | out: ppvObject=0x18ea64*=0xb7aa10) returned 0x0 [0184.703] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0184.703] IUnknown:Release (This=0xb7aa10) returned 0x3 [0184.703] IUnknown:Release (This=0xb7aa10) returned 0x2 [0184.703] WbemLocator:IUnknown:Release (This=0xe31d3e8) returned 0x2 [0184.703] SysStringLen (param_1=0x0) returned 0x0 [0184.703] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffc60, puCount=0x18ed30 | out: puCount=0x18ed30*=0x2) returned 0x0 [0184.703] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=4, puBuffLength=0x18ed2c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed2c*=0x18, pszText=0x0) returned 0x0 [0184.703] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffc60, lFlags=4, puBuffLength=0x18ed2c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed2c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.703] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0184.703] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0184.704] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18ed3c | out: ppEnum=0x18ed3c*=0xb7a560) returned 0x0 [0184.705] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebf8 | out: ppvObject=0x18ebf8*=0xb7a564) returned 0x0 [0184.705] IClientSecurity:QueryBlanket (in: This=0xb7a564, pProxy=0xb7a560, pAuthnSvc=0x18ec48, pAuthzSvc=0x18ec44, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40, pImpLevel=0x18ec30, pAuthInfo=0x18ec34, pCapabilites=0x18ec38 | out: pAuthnSvc=0x18ec48*=0xa, pAuthzSvc=0x18ec44*=0x0, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40*=0x6, pImpLevel=0x18ec30*=0x2, pAuthInfo=0x18ec34, pCapabilites=0x18ec38*=0x1) returned 0x0 [0184.705] IUnknown:Release (This=0xb7a564) returned 0x1 [0184.705] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebec | out: ppvObject=0x18ebec*=0xbbec00) returned 0x0 [0184.705] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebd8 | out: ppvObject=0x18ebd8*=0xb7a564) returned 0x0 [0184.705] IClientSecurity:SetBlanket (This=0xb7a564, pProxy=0xb7a560, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.707] IUnknown:Release (This=0xb7a564) returned 0x2 [0184.707] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0184.707] CoTaskMemFree (pv=0xe2f2c78) [0184.707] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7d4 | out: ppvObject=0x18e7d4*=0xbbec00) returned 0x0 [0184.707] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e790 | out: ppvObject=0x18e790*=0x0) returned 0x80004002 [0184.708] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ac | out: ppvObject=0x18e5ac*=0x0) returned 0x80004002 [0184.708] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e384 | out: ppvObject=0x18e384*=0x0) returned 0x80004002 [0184.709] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0184.709] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0184.709] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e094 | out: ppvObject=0x18e094*=0x0) returned 0x80004002 [0184.709] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0a0 | out: ppvObject=0x18e0a0*=0xbbeb5c) returned 0x0 [0184.709] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbeb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0a8 | out: pCid=0x18e0a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.709] WbemLocator:IUnknown:Release (This=0xbbeb5c) returned 0x3 [0184.710] CoGetContextToken (in: pToken=0x18e100 | out: pToken=0x18e100) returned 0x0 [0184.710] CoGetContextToken (in: pToken=0x18e508 | out: pToken=0x18e508) returned 0x0 [0184.710] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e594 | out: ppvObject=0x18e594*=0xbbebe4) returned 0x0 [0184.710] WbemLocator:IRpcOptions:Query (in: This=0xbbebe4, pPrx=0xbbec00, dwProperty=2, pdwValue=0x18e5a0 | out: pdwValue=0x18e5a0) returned 0x80004002 [0184.710] WbemLocator:IUnknown:Release (This=0xbbebe4) returned 0x3 [0184.710] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0184.710] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0184.710] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0184.711] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x18eb18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xb7a560) returned 0x0 [0184.711] IUnknown:AddRef (This=0xb7a560) returned 0x4 [0184.711] IUnknown:Release (This=0xb7a560) returned 0x3 [0184.711] IUnknown:Release (This=0xb7a560) returned 0x2 [0184.711] IUnknown:Release (This=0xb7aa10) returned 0x2 [0184.711] SysStringLen (param_1=0x0) returned 0x0 [0184.711] IEnumWbemClassObject:Reset (This=0xb7a560) returned 0x0 [0184.714] CoTaskMemAlloc (cb=0x4) returned 0xc16518 [0184.714] IEnumWbemClassObject:Next (in: This=0xb7a560, lTimeout=-1, uCount=0x1, apObjects=0xc16518, puReturned=0x6c00860 | out: apObjects=0xc16518*=0x0, puReturned=0x6c00860*=0x0) returned 0x1 [0184.716] CoTaskMemFree (pv=0xc16518) [0184.716] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0184.716] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0184.716] IUnknown:Release (This=0xb7a560) returned 0x0 [0184.760] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0184.760] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0184.760] IUnknown:Release (This=0xb7aa10) returned 0x0 [0184.761] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed58 | out: ppv=0x18ed58*=0xb71a3c) returned 0x0 [0184.762] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed50 | out: pAptType=0x18ed50*=1) returned 0x0 [0184.762] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed54 | out: ppvObject=0x18ed54*=0x0) returned 0x80004002 [0184.762] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.763] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6c0 | out: ppv=0x18e6c0*=0xc16438) returned 0x0 [0184.763] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0x0) returned 0x80004002 [0184.763] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8e8 | out: ppvObject=0x18e8e8*=0xe3000c0) returned 0x0 [0184.763] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0184.764] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0xe3000c0) returned 0x0 [0184.764] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c8 | out: ppvObject=0x18e4c8*=0x0) returned 0x80004002 [0184.764] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0bc | out: ppvObject=0x18e0bc*=0x0) returned 0x80004002 [0184.764] WbemDefPath:IUnknown:AddRef (This=0xe3000c0) returned 0x3 [0184.764] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0184.764] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0184.764] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd8 | out: ppvObject=0x18ddd8*=0xe31a7a8) returned 0x0 [0184.764] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe31a7a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dde0 | out: pCid=0x18dde0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.764] WbemDefPath:IUnknown:Release (This=0xe31a7a8) returned 0x3 [0184.764] CoGetContextToken (in: pToken=0x18de38 | out: pToken=0x18de38) returned 0x0 [0184.765] CoGetContextToken (in: pToken=0x18e240 | out: pToken=0x18e240) returned 0x0 [0184.765] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2cc | out: ppvObject=0x18e2cc*=0x0) returned 0x80004002 [0184.765] WbemDefPath:IUnknown:Release (This=0xe3000c0) returned 0x2 [0184.765] WbemDefPath:IUnknown:Release (This=0xe3000c0) returned 0x1 [0184.765] CoGetContextToken (in: pToken=0x18ebd0 | out: pToken=0x18ebd0) returned 0x0 [0184.765] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0184.765] WbemDefPath:IUnknown:QueryInterface (in: This=0xe3000c0, riid=0x18ec00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebfc | out: ppvObject=0x18ebfc*=0xe3000c0) returned 0x0 [0184.765] WbemDefPath:IUnknown:AddRef (This=0xe3000c0) returned 0x3 [0184.765] WbemDefPath:IUnknown:Release (This=0xe3000c0) returned 0x2 [0184.765] WbemDefPath:IWbemPath:SetText (This=0xe3000c0, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe3000c0, puCount=0x18ed80 | out: puCount=0x18ed80*=0x2) returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=4, puBuffLength=0x18ed7c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed7c*=0x18, pszText=0x0) returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=4, puBuffLength=0x18ed7c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed7c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe3000c0, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0x18, pszText=0x0) returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=4, puBuffLength=0x18ed68*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed68*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.766] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ecfc | out: ppv=0x18ecfc*=0xb71a3c) returned 0x0 [0184.766] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ecf4 | out: pAptType=0x18ecf4*=1) returned 0x0 [0184.766] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ecf8 | out: ppvObject=0x18ecf8*=0x0) returned 0x80004002 [0184.766] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.766] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e908 | out: ppv=0x18e908*=0xe31aa18) returned 0x0 [0184.767] WbemLocator:IUnknown:QueryInterface (in: This=0xe31aa18, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0x0) returned 0x80004002 [0184.767] WbemLocator:IClassFactory:CreateInstance (in: This=0xe31aa18, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xc163e8) returned 0x0 [0184.767] WbemLocator:IUnknown:Release (This=0xe31aa18) returned 0x0 [0184.767] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0xc163e8) returned 0x0 [0184.767] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0x0) returned 0x80004002 [0184.767] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e304 | out: ppvObject=0x18e304*=0x0) returned 0x80004002 [0184.767] WbemLocator:IUnknown:AddRef (This=0xc163e8) returned 0x3 [0184.767] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e064 | out: ppvObject=0x18e064*=0x0) returned 0x80004002 [0184.767] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0184.768] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e020 | out: ppvObject=0x18e020*=0x0) returned 0x80004002 [0184.768] CoGetContextToken (in: pToken=0x18e080 | out: pToken=0x18e080) returned 0x0 [0184.768] CoGetContextToken (in: pToken=0x18e488 | out: pToken=0x18e488) returned 0x0 [0184.768] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e514 | out: ppvObject=0x18e514*=0x0) returned 0x80004002 [0184.768] WbemLocator:IUnknown:Release (This=0xc163e8) returned 0x2 [0184.768] WbemLocator:IUnknown:Release (This=0xc163e8) returned 0x1 [0184.768] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0184.768] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0184.768] WbemLocator:IUnknown:QueryInterface (in: This=0xc163e8, riid=0x18eb40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xc163e8) returned 0x0 [0184.768] WbemLocator:IUnknown:AddRef (This=0xc163e8) returned 0x3 [0184.768] WbemLocator:IUnknown:Release (This=0xc163e8) returned 0x2 [0184.768] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe3000c0, puCount=0x18ecd8 | out: puCount=0x18ecd8*=0x2) returned 0x0 [0184.768] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=8, puBuffLength=0x18ecd4*=0x0, pszText=0x0 | out: puBuffLength=0x18ecd4*=0x18, pszText=0x0) returned 0x0 [0184.768] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=8, puBuffLength=0x18ecd4*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ecd4*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.768] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18eb9c | out: ppv=0x18eb9c*=0xc16438) returned 0x0 [0184.769] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc16438, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec44 | out: ppNamespace=0x18ec44*=0xe31d618) returned 0x0 [0184.800] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d618, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eac4 | out: ppvObject=0x18eac4*=0xbbe6dc) returned 0x0 [0184.800] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbe6dc, pProxy=0xe31d618, pAuthnSvc=0x18eb14, pAuthzSvc=0x18eb10, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c, pImpLevel=0x18eafc, pAuthInfo=0x18eb00, pCapabilites=0x18eb04 | out: pAuthnSvc=0x18eb14*=0xa, pAuthzSvc=0x18eb10*=0x0, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c*=0x6, pImpLevel=0x18eafc*=0x2, pAuthInfo=0x18eb00, pCapabilites=0x18eb04*=0x1) returned 0x0 [0184.801] WbemLocator:IUnknown:Release (This=0xbbe6dc) returned 0x1 [0184.801] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d618, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eab8 | out: ppvObject=0x18eab8*=0xbbe700) returned 0x0 [0184.801] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d618, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xbbe6dc) returned 0x0 [0184.801] WbemLocator:IClientSecurity:SetBlanket (This=0xbbe6dc, pProxy=0xe31d618, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.801] WbemLocator:IUnknown:Release (This=0xbbe6dc) returned 0x2 [0184.801] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x1 [0184.801] CoTaskMemFree (pv=0xe2f2d38) [0184.801] WbemLocator:IUnknown:Release (This=0xc16438) returned 0x0 [0184.801] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d618, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0xbbe700) returned 0x0 [0184.801] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e670 | out: ppvObject=0x18e670*=0x0) returned 0x80004002 [0184.802] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0184.802] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d618, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e264 | out: ppvObject=0x18e264*=0x0) returned 0x80004002 [0184.803] WbemLocator:IUnknown:AddRef (This=0xbbe700) returned 0x3 [0184.803] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0184.803] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df74 | out: ppvObject=0x18df74*=0x0) returned 0x80004002 [0184.803] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df80 | out: ppvObject=0x18df80*=0xbbe65c) returned 0x0 [0184.803] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbe65c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df88 | out: pCid=0x18df88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.803] WbemLocator:IUnknown:Release (This=0xbbe65c) returned 0x3 [0184.803] CoGetContextToken (in: pToken=0x18dfe0 | out: pToken=0x18dfe0) returned 0x0 [0184.804] CoGetContextToken (in: pToken=0x18e3e8 | out: pToken=0x18e3e8) returned 0x0 [0184.804] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e474 | out: ppvObject=0x18e474*=0xbbe6e4) returned 0x0 [0184.804] WbemLocator:IRpcOptions:Query (in: This=0xbbe6e4, pPrx=0xbbe700, dwProperty=2, pdwValue=0x18e480 | out: pdwValue=0x18e480) returned 0x80004002 [0184.804] WbemLocator:IUnknown:Release (This=0xbbe6e4) returned 0x3 [0184.848] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x2 [0184.848] CoGetContextToken (in: pToken=0x18e9c8 | out: pToken=0x18e9c8) returned 0x0 [0184.848] CoGetContextToken (in: pToken=0x18e928 | out: pToken=0x18e928) returned 0x0 [0184.848] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x18e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e9f4 | out: ppvObject=0x18e9f4*=0xe31d618) returned 0x0 [0184.848] WbemLocator:IUnknown:AddRef (This=0xe31d618) returned 0x4 [0184.848] WbemLocator:IUnknown:Release (This=0xe31d618) returned 0x3 [0184.848] WbemLocator:IUnknown:Release (This=0xe31d618) returned 0x2 [0184.848] SysStringLen (param_1=0x0) returned 0x0 [0184.848] CoGetContextToken (in: pToken=0x18e9e0 | out: pToken=0x18e9e0) returned 0x0 [0184.848] WbemLocator:IUnknown:AddRef (This=0xbbe700) returned 0x3 [0184.848] WbemLocator:IUnknown:QueryInterface (in: This=0xbbe700, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e874 | out: ppvObject=0x18e874*=0xbbe700) returned 0x0 [0184.848] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x3 [0184.849] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x2 [0184.849] CoGetContextToken (in: pToken=0x18ead8 | out: pToken=0x18ead8) returned 0x0 [0184.849] WbemLocator:IUnknown:AddRef (This=0xe31d618) returned 0x3 [0184.849] IWbemServices:ExecQuery (in: This=0xe31d618, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x18ece4 | out: ppEnum=0x18ece4*=0xb7a3d0) returned 0x0 [0184.861] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb40 | out: ppvObject=0x18eb40*=0xb7a3d4) returned 0x0 [0184.861] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18eb90, pAuthzSvc=0x18eb8c, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88, pImpLevel=0x18eb78, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80 | out: pAuthnSvc=0x18eb90*=0xa, pAuthzSvc=0x18eb8c*=0x0, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88*=0x6, pImpLevel=0x18eb78*=0x2, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80*=0x1) returned 0x0 [0184.861] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0184.861] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb34 | out: ppvObject=0x18eb34*=0xbbf300) returned 0x0 [0184.861] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb20 | out: ppvObject=0x18eb20*=0xb7a3d4) returned 0x0 [0184.861] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.863] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0184.863] WbemLocator:IUnknown:Release (This=0xbbf300) returned 0x1 [0184.863] CoTaskMemFree (pv=0xe2f2d38) [0184.864] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e72c | out: ppvObject=0x18e72c*=0xbbf300) returned 0x0 [0184.864] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6e8 | out: ppvObject=0x18e6e8*=0x0) returned 0x80004002 [0184.864] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0184.865] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0184.866] WbemLocator:IUnknown:AddRef (This=0xbbf300) returned 0x3 [0184.866] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e03c | out: ppvObject=0x18e03c*=0x0) returned 0x80004002 [0184.866] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0184.866] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dff8 | out: ppvObject=0x18dff8*=0xbbf25c) returned 0x0 [0184.866] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf25c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e000 | out: pCid=0x18e000*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.866] WbemLocator:IUnknown:Release (This=0xbbf25c) returned 0x3 [0184.867] CoGetContextToken (in: pToken=0x18e058 | out: pToken=0x18e058) returned 0x0 [0184.867] CoGetContextToken (in: pToken=0x18e460 | out: pToken=0x18e460) returned 0x0 [0184.867] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xbbf2e4) returned 0x0 [0184.867] WbemLocator:IRpcOptions:Query (in: This=0xbbf2e4, pPrx=0xbbf300, dwProperty=2, pdwValue=0x18e4f8 | out: pdwValue=0x18e4f8) returned 0x80004002 [0184.870] WbemLocator:IUnknown:Release (This=0xbbf2e4) returned 0x3 [0184.871] WbemLocator:IUnknown:Release (This=0xbbf300) returned 0x2 [0184.871] CoGetContextToken (in: pToken=0x18ea40 | out: pToken=0x18ea40) returned 0x0 [0184.871] CoGetContextToken (in: pToken=0x18e9a0 | out: pToken=0x18e9a0) returned 0x0 [0184.871] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf300, riid=0x18ea70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea6c | out: ppvObject=0x18ea6c*=0xb7a3d0) returned 0x0 [0184.871] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0184.871] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0184.871] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0184.871] WbemLocator:IUnknown:Release (This=0xe31d618) returned 0x2 [0184.871] SysStringLen (param_1=0x0) returned 0x0 [0184.871] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe3000c0, puCount=0x18ed30 | out: puCount=0x18ed30*=0x2) returned 0x0 [0184.872] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=4, puBuffLength=0x18ed2c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed2c*=0x18, pszText=0x0) returned 0x0 [0184.872] WbemDefPath:IWbemPath:GetText (in: This=0xe3000c0, lFlags=4, puBuffLength=0x18ed2c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x18ed2c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0184.872] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0184.872] IUnknown:AddRef (This=0xb7a3d0) returned 0x3 [0184.872] IEnumWbemClassObject:Clone (in: This=0xb7a3d0, ppEnum=0x18ed3c | out: ppEnum=0x18ed3c*=0xb7aa10) returned 0x0 [0184.874] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebf8 | out: ppvObject=0x18ebf8*=0xb7aa14) returned 0x0 [0184.874] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ec48, pAuthzSvc=0x18ec44, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40, pImpLevel=0x18ec30, pAuthInfo=0x18ec34, pCapabilites=0x18ec38 | out: pAuthnSvc=0x18ec48*=0xa, pAuthzSvc=0x18ec44*=0x0, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40*=0x6, pImpLevel=0x18ec30*=0x2, pAuthInfo=0x18ec34, pCapabilites=0x18ec38*=0x1) returned 0x0 [0184.874] IUnknown:Release (This=0xb7aa14) returned 0x1 [0184.874] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebec | out: ppvObject=0x18ebec*=0xbbfb00) returned 0x0 [0184.874] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebd8 | out: ppvObject=0x18ebd8*=0xb7aa14) returned 0x0 [0184.874] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.878] IUnknown:Release (This=0xb7aa14) returned 0x2 [0184.878] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x1 [0184.878] CoTaskMemFree (pv=0xe2f2b88) [0184.878] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7d4 | out: ppvObject=0x18e7d4*=0xbbfb00) returned 0x0 [0184.879] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e790 | out: ppvObject=0x18e790*=0x0) returned 0x80004002 [0184.879] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ac | out: ppvObject=0x18e5ac*=0x0) returned 0x80004002 [0184.880] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e384 | out: ppvObject=0x18e384*=0x0) returned 0x80004002 [0184.881] WbemLocator:IUnknown:AddRef (This=0xbbfb00) returned 0x3 [0184.881] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0184.881] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e094 | out: ppvObject=0x18e094*=0x0) returned 0x80004002 [0184.881] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0a0 | out: ppvObject=0x18e0a0*=0xbbfa5c) returned 0x0 [0184.881] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbfa5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0a8 | out: pCid=0x18e0a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.881] WbemLocator:IUnknown:Release (This=0xbbfa5c) returned 0x3 [0184.881] CoGetContextToken (in: pToken=0x18e100 | out: pToken=0x18e100) returned 0x0 [0184.882] CoGetContextToken (in: pToken=0x18e508 | out: pToken=0x18e508) returned 0x0 [0184.882] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e594 | out: ppvObject=0x18e594*=0xbbfae4) returned 0x0 [0184.882] WbemLocator:IRpcOptions:Query (in: This=0xbbfae4, pPrx=0xbbfb00, dwProperty=2, pdwValue=0x18e5a0 | out: pdwValue=0x18e5a0) returned 0x80004002 [0184.882] WbemLocator:IUnknown:Release (This=0xbbfae4) returned 0x3 [0184.885] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x2 [0184.885] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0184.885] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0184.885] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x18eb18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xb7aa10) returned 0x0 [0184.885] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0184.885] IUnknown:Release (This=0xb7aa10) returned 0x3 [0184.886] IUnknown:Release (This=0xb7aa10) returned 0x2 [0184.886] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0184.886] SysStringLen (param_1=0x0) returned 0x0 [0184.886] IEnumWbemClassObject:Reset (This=0xb7aa10) returned 0x0 [0184.887] CoTaskMemAlloc (cb=0x4) returned 0xc16478 [0184.887] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16478, puReturned=0x6c01954 | out: apObjects=0xc16478*=0x0, puReturned=0x6c01954*=0x0) returned 0x1 [0184.888] CoTaskMemFree (pv=0xc16478) [0184.888] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0184.888] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x1 [0184.888] IUnknown:Release (This=0xb7aa10) returned 0x0 [0184.891] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0184.891] WbemLocator:IUnknown:Release (This=0xbbf300) returned 0x1 [0184.891] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0184.896] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed58 | out: ppv=0x18ed58*=0xb71a3c) returned 0x0 [0184.897] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed50 | out: pAptType=0x18ed50*=1) returned 0x0 [0184.897] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed54 | out: ppvObject=0x18ed54*=0x0) returned 0x80004002 [0184.897] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.903] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6c0 | out: ppv=0x18e6c0*=0xc163f8) returned 0x0 [0184.903] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0x0) returned 0x80004002 [0184.903] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8e8 | out: ppvObject=0x18e8e8*=0xe300050) returned 0x0 [0184.903] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0184.903] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0xe300050) returned 0x0 [0184.903] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c8 | out: ppvObject=0x18e4c8*=0x0) returned 0x80004002 [0184.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0bc | out: ppvObject=0x18e0bc*=0x0) returned 0x80004002 [0184.904] WbemDefPath:IUnknown:AddRef (This=0xe300050) returned 0x3 [0184.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0184.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0184.904] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd8 | out: ppvObject=0x18ddd8*=0xe315eb8) returned 0x0 [0184.904] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315eb8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dde0 | out: pCid=0x18dde0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.904] WbemDefPath:IUnknown:Release (This=0xe315eb8) returned 0x3 [0184.904] CoGetContextToken (in: pToken=0x18de38 | out: pToken=0x18de38) returned 0x0 [0184.905] CoGetContextToken (in: pToken=0x18e240 | out: pToken=0x18e240) returned 0x0 [0184.905] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2cc | out: ppvObject=0x18e2cc*=0x0) returned 0x80004002 [0184.905] WbemDefPath:IUnknown:Release (This=0xe300050) returned 0x2 [0184.905] WbemDefPath:IUnknown:Release (This=0xe300050) returned 0x1 [0184.905] CoGetContextToken (in: pToken=0x18ebd0 | out: pToken=0x18ebd0) returned 0x0 [0184.905] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0184.905] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300050, riid=0x18ec00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebfc | out: ppvObject=0x18ebfc*=0xe300050) returned 0x0 [0184.905] WbemDefPath:IUnknown:AddRef (This=0xe300050) returned 0x3 [0184.906] WbemDefPath:IUnknown:Release (This=0xe300050) returned 0x2 [0184.906] WbemDefPath:IWbemPath:SetText (This=0xe300050, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0184.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ed80 | out: puCount=0x18ed80*=0x2) returned 0x0 [0184.906] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed7c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed7c*=0x19, pszText=0x0) returned 0x0 [0184.906] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed7c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed7c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0184.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0184.906] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0x19, pszText=0x0) returned 0x0 [0184.906] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed68*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed68*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0184.906] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ecfc | out: ppv=0x18ecfc*=0xb71a3c) returned 0x0 [0184.906] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ecf4 | out: pAptType=0x18ecf4*=1) returned 0x0 [0184.906] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ecf8 | out: ppvObject=0x18ecf8*=0x0) returned 0x80004002 [0184.906] IUnknown:Release (This=0xb71a3c) returned 0x1 [0184.907] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e908 | out: ppv=0x18e908*=0xe315f18) returned 0x0 [0184.907] WbemLocator:IUnknown:QueryInterface (in: This=0xe315f18, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0x0) returned 0x80004002 [0184.908] WbemLocator:IClassFactory:CreateInstance (in: This=0xe315f18, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xc16418) returned 0x0 [0184.908] WbemLocator:IUnknown:Release (This=0xe315f18) returned 0x0 [0184.908] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0xc16418) returned 0x0 [0184.908] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0x0) returned 0x80004002 [0184.908] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e304 | out: ppvObject=0x18e304*=0x0) returned 0x80004002 [0184.908] WbemLocator:IUnknown:AddRef (This=0xc16418) returned 0x3 [0184.908] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e064 | out: ppvObject=0x18e064*=0x0) returned 0x80004002 [0184.908] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0184.909] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e020 | out: ppvObject=0x18e020*=0x0) returned 0x80004002 [0184.909] CoGetContextToken (in: pToken=0x18e080 | out: pToken=0x18e080) returned 0x0 [0184.909] CoGetContextToken (in: pToken=0x18e488 | out: pToken=0x18e488) returned 0x0 [0184.909] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e514 | out: ppvObject=0x18e514*=0x0) returned 0x80004002 [0184.909] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x2 [0184.909] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x1 [0184.909] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0184.909] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0184.909] WbemLocator:IUnknown:QueryInterface (in: This=0xc16418, riid=0x18eb40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xc16418) returned 0x0 [0184.909] WbemLocator:IUnknown:AddRef (This=0xc16418) returned 0x3 [0184.910] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x2 [0184.910] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ecd8 | out: puCount=0x18ecd8*=0x2) returned 0x0 [0184.910] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=8, puBuffLength=0x18ecd4*=0x0, pszText=0x0 | out: puBuffLength=0x18ecd4*=0x19, pszText=0x0) returned 0x0 [0184.910] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=8, puBuffLength=0x18ecd4*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ecd4*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0184.910] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18eb9c | out: ppv=0x18eb9c*=0xc16518) returned 0x0 [0184.910] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc16518, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec44 | out: ppNamespace=0x18ec44*=0xe31d1b8) returned 0x0 [0184.949] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d1b8, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eac4 | out: ppvObject=0x18eac4*=0xbbf3dc) returned 0x0 [0184.949] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbf3dc, pProxy=0xe31d1b8, pAuthnSvc=0x18eb14, pAuthzSvc=0x18eb10, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c, pImpLevel=0x18eafc, pAuthInfo=0x18eb00, pCapabilites=0x18eb04 | out: pAuthnSvc=0x18eb14*=0xa, pAuthzSvc=0x18eb10*=0x0, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c*=0x6, pImpLevel=0x18eafc*=0x2, pAuthInfo=0x18eb00, pCapabilites=0x18eb04*=0x1) returned 0x0 [0184.950] WbemLocator:IUnknown:Release (This=0xbbf3dc) returned 0x1 [0184.950] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d1b8, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eab8 | out: ppvObject=0x18eab8*=0xbbf400) returned 0x0 [0184.950] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d1b8, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xbbf3dc) returned 0x0 [0184.950] WbemLocator:IClientSecurity:SetBlanket (This=0xbbf3dc, pProxy=0xe31d1b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.950] WbemLocator:IUnknown:Release (This=0xbbf3dc) returned 0x2 [0184.950] WbemLocator:IUnknown:Release (This=0xbbf400) returned 0x1 [0184.950] CoTaskMemFree (pv=0xe2f2918) [0184.951] WbemLocator:IUnknown:Release (This=0xc16518) returned 0x0 [0184.951] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d1b8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0xbbf400) returned 0x0 [0184.951] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e670 | out: ppvObject=0x18e670*=0x0) returned 0x80004002 [0184.953] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0184.965] WbemLocator:IUnknown:QueryInterface (in: This=0xe31d1b8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e264 | out: ppvObject=0x18e264*=0x0) returned 0x80004002 [0184.968] WbemLocator:IUnknown:AddRef (This=0xbbf400) returned 0x3 [0184.968] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0184.968] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df74 | out: ppvObject=0x18df74*=0x0) returned 0x80004002 [0184.968] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df80 | out: ppvObject=0x18df80*=0xbbf35c) returned 0x0 [0184.969] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf35c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df88 | out: pCid=0x18df88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.969] WbemLocator:IUnknown:Release (This=0xbbf35c) returned 0x3 [0184.970] CoGetContextToken (in: pToken=0x18dfe0 | out: pToken=0x18dfe0) returned 0x0 [0184.970] CoGetContextToken (in: pToken=0x18e3e8 | out: pToken=0x18e3e8) returned 0x0 [0184.970] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e474 | out: ppvObject=0x18e474*=0xbbf3e4) returned 0x0 [0184.970] WbemLocator:IRpcOptions:Query (in: This=0xbbf3e4, pPrx=0xbbf400, dwProperty=2, pdwValue=0x18e480 | out: pdwValue=0x18e480) returned 0x80004002 [0184.970] WbemLocator:IUnknown:Release (This=0xbbf3e4) returned 0x3 [0184.971] WbemLocator:IUnknown:Release (This=0xbbf400) returned 0x2 [0184.971] CoGetContextToken (in: pToken=0x18e9c8 | out: pToken=0x18e9c8) returned 0x0 [0184.971] CoGetContextToken (in: pToken=0x18e928 | out: pToken=0x18e928) returned 0x0 [0184.971] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x18e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e9f4 | out: ppvObject=0x18e9f4*=0xe31d1b8) returned 0x0 [0184.972] WbemLocator:IUnknown:AddRef (This=0xe31d1b8) returned 0x4 [0184.972] WbemLocator:IUnknown:Release (This=0xe31d1b8) returned 0x3 [0184.972] WbemLocator:IUnknown:Release (This=0xe31d1b8) returned 0x2 [0184.972] SysStringLen (param_1=0x0) returned 0x0 [0184.972] CoGetContextToken (in: pToken=0x18e9e0 | out: pToken=0x18e9e0) returned 0x0 [0184.972] WbemLocator:IUnknown:AddRef (This=0xbbf400) returned 0x3 [0184.973] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf400, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e874 | out: ppvObject=0x18e874*=0xbbf400) returned 0x0 [0184.974] WbemLocator:IUnknown:Release (This=0xbbf400) returned 0x3 [0184.974] WbemLocator:IUnknown:Release (This=0xbbf400) returned 0x2 [0184.974] CoGetContextToken (in: pToken=0x18ead8 | out: pToken=0x18ead8) returned 0x0 [0184.974] WbemLocator:IUnknown:AddRef (This=0xe31d1b8) returned 0x3 [0184.974] IWbemServices:ExecQuery (in: This=0xe31d1b8, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x18ece4 | out: ppEnum=0x18ece4*=0xb7aa10) returned 0x0 [0185.075] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb40 | out: ppvObject=0x18eb40*=0xb7aa14) returned 0x0 [0185.076] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18eb90, pAuthzSvc=0x18eb8c, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88, pImpLevel=0x18eb78, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80 | out: pAuthnSvc=0x18eb90*=0xa, pAuthzSvc=0x18eb8c*=0x0, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88*=0x6, pImpLevel=0x18eb78*=0x2, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80*=0x1) returned 0x0 [0185.076] IUnknown:Release (This=0xb7aa14) returned 0x1 [0185.076] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb34 | out: ppvObject=0x18eb34*=0xbbfb00) returned 0x0 [0185.076] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb20 | out: ppvObject=0x18eb20*=0xb7aa14) returned 0x0 [0185.076] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.079] IUnknown:Release (This=0xb7aa14) returned 0x2 [0185.079] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x1 [0185.079] CoTaskMemFree (pv=0xe2f2d38) [0185.080] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e72c | out: ppvObject=0x18e72c*=0xbbfb00) returned 0x0 [0185.080] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6e8 | out: ppvObject=0x18e6e8*=0x0) returned 0x80004002 [0185.081] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0185.081] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0185.083] WbemLocator:IUnknown:AddRef (This=0xbbfb00) returned 0x3 [0185.083] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e03c | out: ppvObject=0x18e03c*=0x0) returned 0x80004002 [0185.083] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0185.083] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dff8 | out: ppvObject=0x18dff8*=0xbbfa5c) returned 0x0 [0185.084] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbfa5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e000 | out: pCid=0x18e000*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.084] WbemLocator:IUnknown:Release (This=0xbbfa5c) returned 0x3 [0185.084] CoGetContextToken (in: pToken=0x18e058 | out: pToken=0x18e058) returned 0x0 [0185.084] CoGetContextToken (in: pToken=0x18e460 | out: pToken=0x18e460) returned 0x0 [0185.084] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xbbfae4) returned 0x0 [0185.084] WbemLocator:IRpcOptions:Query (in: This=0xbbfae4, pPrx=0xbbfb00, dwProperty=2, pdwValue=0x18e4f8 | out: pdwValue=0x18e4f8) returned 0x80004002 [0185.085] WbemLocator:IUnknown:Release (This=0xbbfae4) returned 0x3 [0185.085] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x2 [0185.085] CoGetContextToken (in: pToken=0x18ea40 | out: pToken=0x18ea40) returned 0x0 [0185.085] CoGetContextToken (in: pToken=0x18e9a0 | out: pToken=0x18e9a0) returned 0x0 [0185.085] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x18ea70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea6c | out: ppvObject=0x18ea6c*=0xb7aa10) returned 0x0 [0185.085] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0185.085] IUnknown:Release (This=0xb7aa10) returned 0x3 [0185.086] IUnknown:Release (This=0xb7aa10) returned 0x2 [0185.086] WbemLocator:IUnknown:Release (This=0xe31d1b8) returned 0x2 [0185.086] SysStringLen (param_1=0x0) returned 0x0 [0185.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ed30 | out: puCount=0x18ed30*=0x2) returned 0x0 [0185.086] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed2c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed2c*=0x19, pszText=0x0) returned 0x0 [0185.086] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed2c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed2c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.086] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0185.086] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0185.090] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18ed3c | out: ppEnum=0x18ed3c*=0xb7a560) returned 0x0 [0185.091] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebf8 | out: ppvObject=0x18ebf8*=0xb7a564) returned 0x0 [0185.092] IClientSecurity:QueryBlanket (in: This=0xb7a564, pProxy=0xb7a560, pAuthnSvc=0x18ec48, pAuthzSvc=0x18ec44, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40, pImpLevel=0x18ec30, pAuthInfo=0x18ec34, pCapabilites=0x18ec38 | out: pAuthnSvc=0x18ec48*=0xa, pAuthzSvc=0x18ec44*=0x0, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40*=0x6, pImpLevel=0x18ec30*=0x2, pAuthInfo=0x18ec34, pCapabilites=0x18ec38*=0x1) returned 0x0 [0185.092] IUnknown:Release (This=0xb7a564) returned 0x1 [0185.092] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebec | out: ppvObject=0x18ebec*=0xbbdf00) returned 0x0 [0185.092] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebd8 | out: ppvObject=0x18ebd8*=0xb7a564) returned 0x0 [0185.092] IClientSecurity:SetBlanket (This=0xb7a564, pProxy=0xb7a560, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.097] IUnknown:Release (This=0xb7a564) returned 0x2 [0185.097] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0185.097] CoTaskMemFree (pv=0xe2f2b88) [0185.097] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7d4 | out: ppvObject=0x18e7d4*=0xbbdf00) returned 0x0 [0185.097] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e790 | out: ppvObject=0x18e790*=0x0) returned 0x80004002 [0185.098] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ac | out: ppvObject=0x18e5ac*=0x0) returned 0x80004002 [0185.098] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e384 | out: ppvObject=0x18e384*=0x0) returned 0x80004002 [0185.099] WbemLocator:IUnknown:AddRef (This=0xbbdf00) returned 0x3 [0185.099] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0185.099] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e094 | out: ppvObject=0x18e094*=0x0) returned 0x80004002 [0185.099] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0a0 | out: ppvObject=0x18e0a0*=0xbbde5c) returned 0x0 [0185.099] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbde5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0a8 | out: pCid=0x18e0a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.099] WbemLocator:IUnknown:Release (This=0xbbde5c) returned 0x3 [0185.099] CoGetContextToken (in: pToken=0x18e100 | out: pToken=0x18e100) returned 0x0 [0185.099] CoGetContextToken (in: pToken=0x18e508 | out: pToken=0x18e508) returned 0x0 [0185.099] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e594 | out: ppvObject=0x18e594*=0xbbdee4) returned 0x0 [0185.099] WbemLocator:IRpcOptions:Query (in: This=0xbbdee4, pPrx=0xbbdf00, dwProperty=2, pdwValue=0x18e5a0 | out: pdwValue=0x18e5a0) returned 0x80004002 [0185.099] WbemLocator:IUnknown:Release (This=0xbbdee4) returned 0x3 [0185.100] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x2 [0185.100] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0185.100] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0185.100] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x18eb18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xb7a560) returned 0x0 [0185.100] IUnknown:AddRef (This=0xb7a560) returned 0x4 [0185.100] IUnknown:Release (This=0xb7a560) returned 0x3 [0185.100] IUnknown:Release (This=0xb7a560) returned 0x2 [0185.100] IUnknown:Release (This=0xb7aa10) returned 0x2 [0185.100] SysStringLen (param_1=0x0) returned 0x0 [0185.100] IEnumWbemClassObject:Reset (This=0xb7a560) returned 0x0 [0185.103] CoTaskMemAlloc (cb=0x4) returned 0xc164e8 [0185.103] IEnumWbemClassObject:Next (in: This=0xb7a560, lTimeout=-1, uCount=0x1, apObjects=0xc164e8, puReturned=0x6c02efc | out: apObjects=0xc164e8*=0xe334828, puReturned=0x6c02efc*=0x1) returned 0x0 [0185.104] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e398 | out: ppvObject=0x18e398*=0xe334828) returned 0x0 [0185.105] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e354 | out: ppvObject=0x18e354*=0x0) returned 0x80004002 [0185.105] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e174 | out: ppvObject=0x18e174*=0x0) returned 0x80004002 [0185.105] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df4c | out: ppvObject=0x18df4c*=0x0) returned 0x80004002 [0185.105] IUnknown:AddRef (This=0xe334828) returned 0x3 [0185.105] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dcac | out: ppvObject=0x18dcac*=0x0) returned 0x80004002 [0185.105] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc5c | out: ppvObject=0x18dc5c*=0x0) returned 0x80004002 [0185.105] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dc68 | out: ppvObject=0x18dc68*=0xe33482c) returned 0x0 [0185.105] IMarshal:GetUnmarshalClass (in: This=0xe33482c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dc70 | out: pCid=0x18dc70*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0185.105] IUnknown:Release (This=0xe33482c) returned 0x3 [0185.105] CoGetContextToken (in: pToken=0x18dcc8 | out: pToken=0x18dcc8) returned 0x0 [0185.106] CoGetContextToken (in: pToken=0x18e0d0 | out: pToken=0x18e0d0) returned 0x0 [0185.106] IUnknown:QueryInterface (in: This=0xe334828, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e15c | out: ppvObject=0x18e15c*=0x0) returned 0x80004002 [0185.106] IUnknown:Release (This=0xe334828) returned 0x2 [0185.106] CoGetContextToken (in: pToken=0x18e6a8 | out: pToken=0x18e6a8) returned 0x0 [0185.106] CoGetContextToken (in: pToken=0x18e608 | out: pToken=0x18e608) returned 0x0 [0185.106] IUnknown:QueryInterface (in: This=0xe334828, riid=0x18e6d8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e6d4 | out: ppvObject=0x18e6d4*=0xe334828) returned 0x0 [0185.106] IUnknown:AddRef (This=0xe334828) returned 0x4 [0185.106] IUnknown:Release (This=0xe334828) returned 0x3 [0185.106] IUnknown:Release (This=0xe334828) returned 0x2 [0185.106] CoTaskMemFree (pv=0xc164e8) [0185.106] CoGetContextToken (in: pToken=0x18ea18 | out: pToken=0x18ea18) returned 0x0 [0185.106] IUnknown:AddRef (This=0xe334828) returned 0x3 [0185.106] IWbemClassObject:Get (in: This=0xe334828, wszName="__GENUS", lFlags=0, pVal=0x18ed2c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edac*=0, plFlavor=0x18eda8*=0 | out: pVal=0x18ed2c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18edac*=3, plFlavor=0x18eda8*=64) returned 0x0 [0185.107] IWbemClassObject:Get (in: This=0xe334828, wszName="__PATH", lFlags=0, pVal=0x18ed10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ed94*=0, plFlavor=0x18ed90*=0 | out: pVal=0x18ed10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"", varVal2=0x0), pType=0x18ed94*=8, plFlavor=0x18ed90*=64) returned 0x0 [0185.107] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xc8 [0185.107] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xc8 [0185.107] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed3c | out: ppv=0x18ed3c*=0xb71a3c) returned 0x0 [0185.107] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed34 | out: pAptType=0x18ed34*=1) returned 0x0 [0185.107] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed38 | out: ppvObject=0x18ed38*=0x0) returned 0x80004002 [0185.107] IUnknown:Release (This=0xb71a3c) returned 0x1 [0185.108] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6a0 | out: ppv=0x18e6a0*=0xc16488) returned 0x0 [0185.108] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16488, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8bc | out: ppvObject=0x18e8bc*=0x0) returned 0x80004002 [0185.109] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16488, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8c8 | out: ppvObject=0x18e8c8*=0xe300520) returned 0x0 [0185.109] WbemDefPath:IUnknown:Release (This=0xc16488) returned 0x0 [0185.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xe300520) returned 0x0 [0185.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4a8 | out: ppvObject=0x18e4a8*=0x0) returned 0x80004002 [0185.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e09c | out: ppvObject=0x18e09c*=0x0) returned 0x80004002 [0185.109] WbemDefPath:IUnknown:AddRef (This=0xe300520) returned 0x3 [0185.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18ddfc | out: ppvObject=0x18ddfc*=0x0) returned 0x80004002 [0185.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddac | out: ppvObject=0x18ddac*=0x0) returned 0x80004002 [0185.109] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddb8 | out: ppvObject=0x18ddb8*=0xe315d50) returned 0x0 [0185.109] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315d50, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddc0 | out: pCid=0x18ddc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.110] WbemDefPath:IUnknown:Release (This=0xe315d50) returned 0x3 [0185.110] CoGetContextToken (in: pToken=0x18de18 | out: pToken=0x18de18) returned 0x0 [0185.110] CoGetContextToken (in: pToken=0x18e220 | out: pToken=0x18e220) returned 0x0 [0185.110] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2ac | out: ppvObject=0x18e2ac*=0x0) returned 0x80004002 [0185.110] WbemDefPath:IUnknown:Release (This=0xe300520) returned 0x2 [0185.110] WbemDefPath:IUnknown:Release (This=0xe300520) returned 0x1 [0185.110] CoGetContextToken (in: pToken=0x18ebb8 | out: pToken=0x18ebb8) returned 0x0 [0185.110] CoGetContextToken (in: pToken=0x18eb18 | out: pToken=0x18eb18) returned 0x0 [0185.110] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300520, riid=0x18ebe8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebe4 | out: ppvObject=0x18ebe4*=0xe300520) returned 0x0 [0185.110] WbemDefPath:IUnknown:AddRef (This=0xe300520) returned 0x3 [0185.110] WbemDefPath:IUnknown:Release (This=0xe300520) returned 0x2 [0185.110] WbemDefPath:IWbemPath:SetText (This=0xe300520, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0x0 [0185.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ed68 | out: puCount=0x18ed68*=0x2) returned 0x0 [0185.110] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed64*=0x0, pszText=0x0 | out: puBuffLength=0x18ed64*=0x19, pszText=0x0) returned 0x0 [0185.111] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed64*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed64*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.111] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ed34 | out: puCount=0x18ed34*=0x2) returned 0x0 [0185.111] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed30*=0x0, pszText=0x0 | out: puBuffLength=0x18ed30*=0x19, pszText=0x0) returned 0x0 [0185.111] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed30*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed30*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.111] IWbemClassObject:Get (in: This=0xe334828, wszName="displayName", lFlags=0, pVal=0x18ed30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03800*=0, plFlavor=0x6c03804*=0 | out: pVal=0x18ed30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x6c03800*=8, plFlavor=0x6c03804*=0) returned 0x0 [0185.111] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.111] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.111] IWbemClassObject:Get (in: This=0xe334828, wszName="displayName", lFlags=0, pVal=0x18ed38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03800*=8, plFlavor=0x6c03804*=0 | out: pVal=0x18ed38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x6c03800*=8, plFlavor=0x6c03804*=0) returned 0x0 [0185.111] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.111] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.112] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300050, puCount=0x18ed34 | out: puCount=0x18ed34*=0x2) returned 0x0 [0185.112] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed30*=0x0, pszText=0x0 | out: puBuffLength=0x18ed30*=0x19, pszText=0x0) returned 0x0 [0185.112] WbemDefPath:IWbemPath:GetText (in: This=0xe300050, lFlags=4, puBuffLength=0x18ed30*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed30*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.112] IWbemClassObject:Get (in: This=0xe334828, wszName="displayName", lFlags=0, pVal=0x18ed30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03934*=0, plFlavor=0x6c03938*=0 | out: pVal=0x18ed30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x6c03934*=8, plFlavor=0x6c03938*=0) returned 0x0 [0185.112] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.112] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.112] IWbemClassObject:Get (in: This=0xe334828, wszName="displayName", lFlags=0, pVal=0x18ed38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c03934*=8, plFlavor=0x6c03938*=0 | out: pVal=0x18ed38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x6c03934*=8, plFlavor=0x6c03938*=0) returned 0x0 [0185.112] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.112] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.113] CoTaskMemAlloc (cb=0x4) returned 0xc16488 [0185.113] IEnumWbemClassObject:Next (in: This=0xb7a560, lTimeout=-1, uCount=0x1, apObjects=0xc16488, puReturned=0x6c02efc | out: apObjects=0xc16488*=0x0, puReturned=0x6c02efc*=0x0) returned 0x1 [0185.113] CoTaskMemFree (pv=0xc16488) [0185.114] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0185.114] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0185.114] IUnknown:Release (This=0xb7a560) returned 0x0 [0185.116] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0185.116] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x1 [0185.116] IUnknown:Release (This=0xb7aa10) returned 0x0 [0185.121] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed58 | out: ppv=0x18ed58*=0xb71a3c) returned 0x0 [0185.121] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed50 | out: pAptType=0x18ed50*=1) returned 0x0 [0185.121] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed54 | out: ppvObject=0x18ed54*=0x0) returned 0x80004002 [0185.121] IUnknown:Release (This=0xb71a3c) returned 0x1 [0185.122] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6c0 | out: ppv=0x18e6c0*=0xc163f8) returned 0x0 [0185.122] WbemDefPath:IUnknown:QueryInterface (in: This=0xc163f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0x0) returned 0x80004002 [0185.122] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc163f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8e8 | out: ppvObject=0x18e8e8*=0xe2ffb80) returned 0x0 [0185.123] WbemDefPath:IUnknown:Release (This=0xc163f8) returned 0x0 [0185.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0xe2ffb80) returned 0x0 [0185.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c8 | out: ppvObject=0x18e4c8*=0x0) returned 0x80004002 [0185.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0bc | out: ppvObject=0x18e0bc*=0x0) returned 0x80004002 [0185.123] WbemDefPath:IUnknown:AddRef (This=0xe2ffb80) returned 0x3 [0185.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0185.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0185.123] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd8 | out: ppvObject=0x18ddd8*=0xe315cf0) returned 0x0 [0185.123] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315cf0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dde0 | out: pCid=0x18dde0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.123] WbemDefPath:IUnknown:Release (This=0xe315cf0) returned 0x3 [0185.123] CoGetContextToken (in: pToken=0x18de38 | out: pToken=0x18de38) returned 0x0 [0185.124] CoGetContextToken (in: pToken=0x18e240 | out: pToken=0x18e240) returned 0x0 [0185.124] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2cc | out: ppvObject=0x18e2cc*=0x0) returned 0x80004002 [0185.124] WbemDefPath:IUnknown:Release (This=0xe2ffb80) returned 0x2 [0185.124] WbemDefPath:IUnknown:Release (This=0xe2ffb80) returned 0x1 [0185.124] CoGetContextToken (in: pToken=0x18ebd0 | out: pToken=0x18ebd0) returned 0x0 [0185.124] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0185.124] WbemDefPath:IUnknown:QueryInterface (in: This=0xe2ffb80, riid=0x18ec00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebfc | out: ppvObject=0x18ebfc*=0xe2ffb80) returned 0x0 [0185.124] WbemDefPath:IUnknown:AddRef (This=0xe2ffb80) returned 0x3 [0185.124] WbemDefPath:IUnknown:Release (This=0xe2ffb80) returned 0x2 [0185.124] WbemDefPath:IWbemPath:SetText (This=0xe2ffb80, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0185.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffb80, puCount=0x18ed80 | out: puCount=0x18ed80*=0x2) returned 0x0 [0185.124] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed7c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed7c*=0x19, pszText=0x0) returned 0x0 [0185.124] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed7c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed7c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffb80, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0185.124] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0x19, pszText=0x0) returned 0x0 [0185.124] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed68*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed68*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.124] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ecfc | out: ppv=0x18ecfc*=0xb71a3c) returned 0x0 [0185.125] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ecf4 | out: pAptType=0x18ecf4*=1) returned 0x0 [0185.125] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ecf8 | out: ppvObject=0x18ecf8*=0x0) returned 0x80004002 [0185.125] IUnknown:Release (This=0xb71a3c) returned 0x1 [0185.125] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e908 | out: ppv=0x18e908*=0xe315300) returned 0x0 [0185.125] WbemLocator:IUnknown:QueryInterface (in: This=0xe315300, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0x0) returned 0x80004002 [0185.125] WbemLocator:IClassFactory:CreateInstance (in: This=0xe315300, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xc16468) returned 0x0 [0185.126] WbemLocator:IUnknown:Release (This=0xe315300) returned 0x0 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0xc16468) returned 0x0 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0x0) returned 0x80004002 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e304 | out: ppvObject=0x18e304*=0x0) returned 0x80004002 [0185.126] WbemLocator:IUnknown:AddRef (This=0xc16468) returned 0x3 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e064 | out: ppvObject=0x18e064*=0x0) returned 0x80004002 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e020 | out: ppvObject=0x18e020*=0x0) returned 0x80004002 [0185.126] CoGetContextToken (in: pToken=0x18e080 | out: pToken=0x18e080) returned 0x0 [0185.126] CoGetContextToken (in: pToken=0x18e488 | out: pToken=0x18e488) returned 0x0 [0185.126] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e514 | out: ppvObject=0x18e514*=0x0) returned 0x80004002 [0185.127] WbemLocator:IUnknown:Release (This=0xc16468) returned 0x2 [0185.127] WbemLocator:IUnknown:Release (This=0xc16468) returned 0x1 [0185.127] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0185.127] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0185.127] WbemLocator:IUnknown:QueryInterface (in: This=0xc16468, riid=0x18eb40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xc16468) returned 0x0 [0185.127] WbemLocator:IUnknown:AddRef (This=0xc16468) returned 0x3 [0185.127] WbemLocator:IUnknown:Release (This=0xc16468) returned 0x2 [0185.127] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffb80, puCount=0x18ecd8 | out: puCount=0x18ecd8*=0x2) returned 0x0 [0185.127] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=8, puBuffLength=0x18ecd4*=0x0, pszText=0x0 | out: puBuffLength=0x18ecd4*=0x19, pszText=0x0) returned 0x0 [0185.127] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=8, puBuffLength=0x18ecd4*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ecd4*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.127] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18eb9c | out: ppv=0x18eb9c*=0xc163f8) returned 0x0 [0185.127] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc163f8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec44 | out: ppNamespace=0x18ec44*=0xe31cf88) returned 0x0 [0185.171] WbemLocator:IUnknown:QueryInterface (in: This=0xe31cf88, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eac4 | out: ppvObject=0x18eac4*=0xbbfadc) returned 0x0 [0185.171] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbfadc, pProxy=0xe31cf88, pAuthnSvc=0x18eb14, pAuthzSvc=0x18eb10, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c, pImpLevel=0x18eafc, pAuthInfo=0x18eb00, pCapabilites=0x18eb04 | out: pAuthnSvc=0x18eb14*=0xa, pAuthzSvc=0x18eb10*=0x0, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c*=0x6, pImpLevel=0x18eafc*=0x2, pAuthInfo=0x18eb00, pCapabilites=0x18eb04*=0x1) returned 0x0 [0185.171] WbemLocator:IUnknown:Release (This=0xbbfadc) returned 0x1 [0185.172] WbemLocator:IUnknown:QueryInterface (in: This=0xe31cf88, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eab8 | out: ppvObject=0x18eab8*=0xbbfb00) returned 0x0 [0185.172] WbemLocator:IUnknown:QueryInterface (in: This=0xe31cf88, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xbbfadc) returned 0x0 [0185.172] WbemLocator:IClientSecurity:SetBlanket (This=0xbbfadc, pProxy=0xe31cf88, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.172] WbemLocator:IUnknown:Release (This=0xbbfadc) returned 0x2 [0185.172] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x1 [0185.172] CoTaskMemFree (pv=0xe2f2c78) [0185.172] WbemLocator:IUnknown:Release (This=0xc163f8) returned 0x0 [0185.172] WbemLocator:IUnknown:QueryInterface (in: This=0xe31cf88, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0xbbfb00) returned 0x0 [0185.172] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e670 | out: ppvObject=0x18e670*=0x0) returned 0x80004002 [0185.173] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0185.173] WbemLocator:IUnknown:QueryInterface (in: This=0xe31cf88, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e264 | out: ppvObject=0x18e264*=0x0) returned 0x80004002 [0185.174] WbemLocator:IUnknown:AddRef (This=0xbbfb00) returned 0x3 [0185.174] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0185.174] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df74 | out: ppvObject=0x18df74*=0x0) returned 0x80004002 [0185.174] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df80 | out: ppvObject=0x18df80*=0xbbfa5c) returned 0x0 [0185.174] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbfa5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df88 | out: pCid=0x18df88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.174] WbemLocator:IUnknown:Release (This=0xbbfa5c) returned 0x3 [0185.174] CoGetContextToken (in: pToken=0x18dfe0 | out: pToken=0x18dfe0) returned 0x0 [0185.175] CoGetContextToken (in: pToken=0x18e3e8 | out: pToken=0x18e3e8) returned 0x0 [0185.175] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e474 | out: ppvObject=0x18e474*=0xbbfae4) returned 0x0 [0185.175] WbemLocator:IRpcOptions:Query (in: This=0xbbfae4, pPrx=0xbbfb00, dwProperty=2, pdwValue=0x18e480 | out: pdwValue=0x18e480) returned 0x80004002 [0185.175] WbemLocator:IUnknown:Release (This=0xbbfae4) returned 0x3 [0185.175] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x2 [0185.175] CoGetContextToken (in: pToken=0x18e9c8 | out: pToken=0x18e9c8) returned 0x0 [0185.175] CoGetContextToken (in: pToken=0x18e928 | out: pToken=0x18e928) returned 0x0 [0185.175] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x18e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e9f4 | out: ppvObject=0x18e9f4*=0xe31cf88) returned 0x0 [0185.175] WbemLocator:IUnknown:AddRef (This=0xe31cf88) returned 0x4 [0185.175] WbemLocator:IUnknown:Release (This=0xe31cf88) returned 0x3 [0185.175] WbemLocator:IUnknown:Release (This=0xe31cf88) returned 0x2 [0185.175] SysStringLen (param_1=0x0) returned 0x0 [0185.175] CoGetContextToken (in: pToken=0x18e9e0 | out: pToken=0x18e9e0) returned 0x0 [0185.175] WbemLocator:IUnknown:AddRef (This=0xbbfb00) returned 0x3 [0185.175] WbemLocator:IUnknown:QueryInterface (in: This=0xbbfb00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e874 | out: ppvObject=0x18e874*=0xbbfb00) returned 0x0 [0185.176] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x3 [0185.176] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x2 [0185.176] CoGetContextToken (in: pToken=0x18ead0 | out: pToken=0x18ead0) returned 0x0 [0185.176] WbemLocator:IUnknown:AddRef (This=0xe31cf88) returned 0x3 [0185.176] IWbemServices:ExecQuery (in: This=0xe31cf88, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x18ece4 | out: ppEnum=0x18ece4*=0xb7a560) returned 0x0 [0185.185] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xb7a564) returned 0x0 [0185.185] IClientSecurity:QueryBlanket (in: This=0xb7a564, pProxy=0xb7a560, pAuthnSvc=0x18eb8c, pAuthzSvc=0x18eb88, pServerPrincName=0x18eb80, pAuthnLevel=0x18eb84, pImpLevel=0x18eb74, pAuthInfo=0x18eb78, pCapabilites=0x18eb7c | out: pAuthnSvc=0x18eb8c*=0xa, pAuthzSvc=0x18eb88*=0x0, pServerPrincName=0x18eb80, pAuthnLevel=0x18eb84*=0x6, pImpLevel=0x18eb74*=0x2, pAuthInfo=0x18eb78, pCapabilites=0x18eb7c*=0x1) returned 0x0 [0185.185] IUnknown:Release (This=0xb7a564) returned 0x1 [0185.185] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xbbf600) returned 0x0 [0185.185] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb1c | out: ppvObject=0x18eb1c*=0xb7a564) returned 0x0 [0185.185] IClientSecurity:SetBlanket (This=0xb7a564, pProxy=0xb7a560, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.192] IUnknown:Release (This=0xb7a564) returned 0x2 [0185.192] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0185.192] CoTaskMemFree (pv=0xe2f2c78) [0185.193] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e728 | out: ppvObject=0x18e728*=0xbbf600) returned 0x0 [0185.193] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6e4 | out: ppvObject=0x18e6e4*=0x0) returned 0x80004002 [0185.193] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0185.194] IUnknown:QueryInterface (in: This=0xb7a560, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0185.194] WbemLocator:IUnknown:AddRef (This=0xbbf600) returned 0x3 [0185.194] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e03c | out: ppvObject=0x18e03c*=0x0) returned 0x80004002 [0185.195] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0185.195] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dff8 | out: ppvObject=0x18dff8*=0xbbf55c) returned 0x0 [0185.195] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbf55c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e000 | out: pCid=0x18e000*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.195] WbemLocator:IUnknown:Release (This=0xbbf55c) returned 0x3 [0185.195] CoGetContextToken (in: pToken=0x18e058 | out: pToken=0x18e058) returned 0x0 [0185.195] CoGetContextToken (in: pToken=0x18e460 | out: pToken=0x18e460) returned 0x0 [0185.195] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xbbf5e4) returned 0x0 [0185.196] WbemLocator:IRpcOptions:Query (in: This=0xbbf5e4, pPrx=0xbbf600, dwProperty=2, pdwValue=0x18e4f8 | out: pdwValue=0x18e4f8) returned 0x80004002 [0185.196] WbemLocator:IUnknown:Release (This=0xbbf5e4) returned 0x3 [0185.196] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x2 [0185.196] CoGetContextToken (in: pToken=0x18ea38 | out: pToken=0x18ea38) returned 0x0 [0185.196] CoGetContextToken (in: pToken=0x18e998 | out: pToken=0x18e998) returned 0x0 [0185.196] WbemLocator:IUnknown:QueryInterface (in: This=0xbbf600, riid=0x18ea68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea64 | out: ppvObject=0x18ea64*=0xb7a560) returned 0x0 [0185.196] IUnknown:AddRef (This=0xb7a560) returned 0x4 [0185.196] IUnknown:Release (This=0xb7a560) returned 0x3 [0185.196] IUnknown:Release (This=0xb7a560) returned 0x2 [0185.196] WbemLocator:IUnknown:Release (This=0xe31cf88) returned 0x2 [0185.196] SysStringLen (param_1=0x0) returned 0x0 [0185.196] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffb80, puCount=0x18ed30 | out: puCount=0x18ed30*=0x2) returned 0x0 [0185.196] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed2c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed2c*=0x19, pszText=0x0) returned 0x0 [0185.196] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed2c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed2c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.196] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0185.197] IUnknown:AddRef (This=0xb7a560) returned 0x3 [0185.197] IEnumWbemClassObject:Clone (in: This=0xb7a560, ppEnum=0x18ed3c | out: ppEnum=0x18ed3c*=0xb7aa10) returned 0x0 [0185.198] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebf8 | out: ppvObject=0x18ebf8*=0xb7aa14) returned 0x0 [0185.199] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18ec48, pAuthzSvc=0x18ec44, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40, pImpLevel=0x18ec30, pAuthInfo=0x18ec34, pCapabilites=0x18ec38 | out: pAuthnSvc=0x18ec48*=0xa, pAuthzSvc=0x18ec44*=0x0, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40*=0x6, pImpLevel=0x18ec30*=0x2, pAuthInfo=0x18ec34, pCapabilites=0x18ec38*=0x1) returned 0x0 [0185.199] IUnknown:Release (This=0xb7aa14) returned 0x1 [0185.199] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebec | out: ppvObject=0x18ebec*=0xbbdf00) returned 0x0 [0185.199] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebd8 | out: ppvObject=0x18ebd8*=0xb7aa14) returned 0x0 [0185.199] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.201] IUnknown:Release (This=0xb7aa14) returned 0x2 [0185.201] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0185.201] CoTaskMemFree (pv=0xe2f2b58) [0185.201] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7d4 | out: ppvObject=0x18e7d4*=0xbbdf00) returned 0x0 [0185.201] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e790 | out: ppvObject=0x18e790*=0x0) returned 0x80004002 [0185.202] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ac | out: ppvObject=0x18e5ac*=0x0) returned 0x80004002 [0185.202] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e384 | out: ppvObject=0x18e384*=0x0) returned 0x80004002 [0185.203] WbemLocator:IUnknown:AddRef (This=0xbbdf00) returned 0x3 [0185.203] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0185.203] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e094 | out: ppvObject=0x18e094*=0x0) returned 0x80004002 [0185.203] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0a0 | out: ppvObject=0x18e0a0*=0xbbde5c) returned 0x0 [0185.203] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbde5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0a8 | out: pCid=0x18e0a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.203] WbemLocator:IUnknown:Release (This=0xbbde5c) returned 0x3 [0185.203] CoGetContextToken (in: pToken=0x18e100 | out: pToken=0x18e100) returned 0x0 [0185.203] CoGetContextToken (in: pToken=0x18e508 | out: pToken=0x18e508) returned 0x0 [0185.203] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e594 | out: ppvObject=0x18e594*=0xbbdee4) returned 0x0 [0185.204] WbemLocator:IRpcOptions:Query (in: This=0xbbdee4, pPrx=0xbbdf00, dwProperty=2, pdwValue=0x18e5a0 | out: pdwValue=0x18e5a0) returned 0x80004002 [0185.204] WbemLocator:IUnknown:Release (This=0xbbdee4) returned 0x3 [0185.204] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x2 [0185.204] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0185.204] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0185.204] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x18eb18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xb7aa10) returned 0x0 [0185.204] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0185.204] IUnknown:Release (This=0xb7aa10) returned 0x3 [0185.204] IUnknown:Release (This=0xb7aa10) returned 0x2 [0185.204] IUnknown:Release (This=0xb7a560) returned 0x2 [0185.204] SysStringLen (param_1=0x0) returned 0x0 [0185.204] IEnumWbemClassObject:Reset (This=0xb7aa10) returned 0x0 [0185.205] CoTaskMemAlloc (cb=0x4) returned 0xc16548 [0185.205] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16548, puReturned=0x6c04aac | out: apObjects=0xc16548*=0xe3012a8, puReturned=0x6c04aac*=0x1) returned 0x0 [0185.206] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e398 | out: ppvObject=0x18e398*=0xe3012a8) returned 0x0 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e354 | out: ppvObject=0x18e354*=0x0) returned 0x80004002 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e174 | out: ppvObject=0x18e174*=0x0) returned 0x80004002 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18df4c | out: ppvObject=0x18df4c*=0x0) returned 0x80004002 [0185.207] IUnknown:AddRef (This=0xe3012a8) returned 0x3 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dcac | out: ppvObject=0x18dcac*=0x0) returned 0x80004002 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dc5c | out: ppvObject=0x18dc5c*=0x0) returned 0x80004002 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dc68 | out: ppvObject=0x18dc68*=0xe3012ac) returned 0x0 [0185.207] IMarshal:GetUnmarshalClass (in: This=0xe3012ac, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dc70 | out: pCid=0x18dc70*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0185.207] IUnknown:Release (This=0xe3012ac) returned 0x3 [0185.207] CoGetContextToken (in: pToken=0x18dcc8 | out: pToken=0x18dcc8) returned 0x0 [0185.207] CoGetContextToken (in: pToken=0x18e0d0 | out: pToken=0x18e0d0) returned 0x0 [0185.207] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e15c | out: ppvObject=0x18e15c*=0x0) returned 0x80004002 [0185.208] IUnknown:Release (This=0xe3012a8) returned 0x2 [0185.208] CoGetContextToken (in: pToken=0x18e6a8 | out: pToken=0x18e6a8) returned 0x0 [0185.208] CoGetContextToken (in: pToken=0x18e608 | out: pToken=0x18e608) returned 0x0 [0185.208] IUnknown:QueryInterface (in: This=0xe3012a8, riid=0x18e6d8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18e6d4 | out: ppvObject=0x18e6d4*=0xe3012a8) returned 0x0 [0185.208] IUnknown:AddRef (This=0xe3012a8) returned 0x4 [0185.208] IUnknown:Release (This=0xe3012a8) returned 0x3 [0185.208] IUnknown:Release (This=0xe3012a8) returned 0x2 [0185.208] CoTaskMemFree (pv=0xc16548) [0185.208] CoGetContextToken (in: pToken=0x18ea18 | out: pToken=0x18ea18) returned 0x0 [0185.208] IUnknown:AddRef (This=0xe3012a8) returned 0x3 [0185.208] IWbemClassObject:Get (in: This=0xe3012a8, wszName="__GENUS", lFlags=0, pVal=0x18ed2c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18edac*=0, plFlavor=0x18eda8*=0 | out: pVal=0x18ed2c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x18edac*=3, plFlavor=0x18eda8*=64) returned 0x0 [0185.208] IWbemClassObject:Get (in: This=0xe3012a8, wszName="__PATH", lFlags=0, pVal=0x18ed10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x18ed94*=0, plFlavor=0x18ed90*=0 | out: pVal=0x18ed10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"", varVal2=0x0), pType=0x18ed94*=8, plFlavor=0x18ed90*=64) returned 0x0 [0185.209] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xcc [0185.209] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xcc [0185.209] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed3c | out: ppv=0x18ed3c*=0xb71a3c) returned 0x0 [0185.209] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed34 | out: pAptType=0x18ed34*=1) returned 0x0 [0185.209] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed38 | out: ppvObject=0x18ed38*=0x0) returned 0x80004002 [0185.209] IUnknown:Release (This=0xb71a3c) returned 0x1 [0185.210] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6a0 | out: ppv=0x18e6a0*=0xc16548) returned 0x0 [0185.210] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16548, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8bc | out: ppvObject=0x18e8bc*=0x0) returned 0x80004002 [0185.210] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16548, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8c8 | out: ppvObject=0x18e8c8*=0xe300280) returned 0x0 [0185.211] WbemDefPath:IUnknown:Release (This=0xc16548) returned 0x0 [0185.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xe300280) returned 0x0 [0185.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4a8 | out: ppvObject=0x18e4a8*=0x0) returned 0x80004002 [0185.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e09c | out: ppvObject=0x18e09c*=0x0) returned 0x80004002 [0185.211] WbemDefPath:IUnknown:AddRef (This=0xe300280) returned 0x3 [0185.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18ddfc | out: ppvObject=0x18ddfc*=0x0) returned 0x80004002 [0185.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddac | out: ppvObject=0x18ddac*=0x0) returned 0x80004002 [0185.211] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddb8 | out: ppvObject=0x18ddb8*=0xe3152e8) returned 0x0 [0185.211] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe3152e8, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18ddc0 | out: pCid=0x18ddc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.211] WbemDefPath:IUnknown:Release (This=0xe3152e8) returned 0x3 [0185.211] CoGetContextToken (in: pToken=0x18de18 | out: pToken=0x18de18) returned 0x0 [0185.212] CoGetContextToken (in: pToken=0x18e220 | out: pToken=0x18e220) returned 0x0 [0185.212] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2ac | out: ppvObject=0x18e2ac*=0x0) returned 0x80004002 [0185.212] WbemDefPath:IUnknown:Release (This=0xe300280) returned 0x2 [0185.212] WbemDefPath:IUnknown:Release (This=0xe300280) returned 0x1 [0185.212] CoGetContextToken (in: pToken=0x18ebb8 | out: pToken=0x18ebb8) returned 0x0 [0185.212] CoGetContextToken (in: pToken=0x18eb18 | out: pToken=0x18eb18) returned 0x0 [0185.212] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300280, riid=0x18ebe8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebe4 | out: ppvObject=0x18ebe4*=0xe300280) returned 0x0 [0185.212] WbemDefPath:IUnknown:AddRef (This=0xe300280) returned 0x3 [0185.212] WbemDefPath:IUnknown:Release (This=0xe300280) returned 0x2 [0185.212] WbemDefPath:IWbemPath:SetText (This=0xe300280, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0x0 [0185.212] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffb80, puCount=0x18ed68 | out: puCount=0x18ed68*=0x2) returned 0x0 [0185.212] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed64*=0x0, pszText=0x0 | out: puBuffLength=0x18ed64*=0x19, pszText=0x0) returned 0x0 [0185.212] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed64*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed64*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.213] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe2ffb80, puCount=0x18ed34 | out: puCount=0x18ed34*=0x2) returned 0x0 [0185.213] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed30*=0x0, pszText=0x0 | out: puBuffLength=0x18ed30*=0x19, pszText=0x0) returned 0x0 [0185.213] WbemDefPath:IWbemPath:GetText (in: This=0xe2ffb80, lFlags=4, puBuffLength=0x18ed30*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed30*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.213] IWbemClassObject:Get (in: This=0xe3012a8, wszName="displayName", lFlags=0, pVal=0x18ed30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c053b4*=0, plFlavor=0x6c053b8*=0 | out: pVal=0x18ed30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x6c053b4*=8, plFlavor=0x6c053b8*=0) returned 0x0 [0185.213] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.213] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.213] IWbemClassObject:Get (in: This=0xe3012a8, wszName="displayName", lFlags=0, pVal=0x18ed38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6c053b4*=8, plFlavor=0x6c053b8*=0 | out: pVal=0x18ed38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x6c053b4*=8, plFlavor=0x6c053b8*=0) returned 0x0 [0185.213] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.213] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0185.213] CoTaskMemAlloc (cb=0x4) returned 0xc16548 [0185.213] IEnumWbemClassObject:Next (in: This=0xb7aa10, lTimeout=-1, uCount=0x1, apObjects=0xc16548, puReturned=0x6c04aac | out: apObjects=0xc16548*=0x0, puReturned=0x6c04aac*=0x0) returned 0x1 [0185.214] CoTaskMemFree (pv=0xc16548) [0185.214] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0185.214] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0185.214] IUnknown:Release (This=0xb7aa10) returned 0x0 [0185.215] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0185.215] WbemLocator:IUnknown:Release (This=0xbbf600) returned 0x1 [0185.215] IUnknown:Release (This=0xb7a560) returned 0x0 [0185.217] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ed58 | out: ppv=0x18ed58*=0xb71a3c) returned 0x0 [0185.217] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ed50 | out: pAptType=0x18ed50*=1) returned 0x0 [0185.217] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ed54 | out: ppvObject=0x18ed54*=0x0) returned 0x80004002 [0185.217] IUnknown:Release (This=0xb71a3c) returned 0x1 [0185.218] CoGetClassObject (in: rclsid=0xc21534*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e6c0 | out: ppv=0x18e6c0*=0xc16438) returned 0x0 [0185.218] WbemDefPath:IUnknown:QueryInterface (in: This=0xc16438, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e8dc | out: ppvObject=0x18e8dc*=0x0) returned 0x80004002 [0185.218] WbemDefPath:IClassFactory:CreateInstance (in: This=0xc16438, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e8e8 | out: ppvObject=0x18e8e8*=0xe300670) returned 0x0 [0185.218] WbemDefPath:IUnknown:Release (This=0xc16438) returned 0x0 [0185.218] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e50c | out: ppvObject=0x18e50c*=0xe300670) returned 0x0 [0185.219] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e4c8 | out: ppvObject=0x18e4c8*=0x0) returned 0x80004002 [0185.219] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e0bc | out: ppvObject=0x18e0bc*=0x0) returned 0x80004002 [0185.219] WbemDefPath:IUnknown:AddRef (This=0xe300670) returned 0x3 [0185.219] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18de1c | out: ppvObject=0x18de1c*=0x0) returned 0x80004002 [0185.219] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18ddcc | out: ppvObject=0x18ddcc*=0x0) returned 0x80004002 [0185.219] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ddd8 | out: ppvObject=0x18ddd8*=0xe315210) returned 0x0 [0185.219] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xe315210, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18dde0 | out: pCid=0x18dde0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.219] WbemDefPath:IUnknown:Release (This=0xe315210) returned 0x3 [0185.219] CoGetContextToken (in: pToken=0x18de38 | out: pToken=0x18de38) returned 0x0 [0185.219] CoGetContextToken (in: pToken=0x18e240 | out: pToken=0x18e240) returned 0x0 [0185.219] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e2cc | out: ppvObject=0x18e2cc*=0x0) returned 0x80004002 [0185.220] WbemDefPath:IUnknown:Release (This=0xe300670) returned 0x2 [0185.220] WbemDefPath:IUnknown:Release (This=0xe300670) returned 0x1 [0185.220] CoGetContextToken (in: pToken=0x18ebd0 | out: pToken=0x18ebd0) returned 0x0 [0185.220] CoGetContextToken (in: pToken=0x18eb30 | out: pToken=0x18eb30) returned 0x0 [0185.220] WbemDefPath:IUnknown:QueryInterface (in: This=0xe300670, riid=0x18ec00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x18ebfc | out: ppvObject=0x18ebfc*=0xe300670) returned 0x0 [0185.220] WbemDefPath:IUnknown:AddRef (This=0xe300670) returned 0x3 [0185.220] WbemDefPath:IUnknown:Release (This=0xe300670) returned 0x2 [0185.220] WbemDefPath:IWbemPath:SetText (This=0xe300670, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0185.220] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300670, puCount=0x18ed80 | out: puCount=0x18ed80*=0x2) returned 0x0 [0185.220] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=4, puBuffLength=0x18ed7c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed7c*=0x19, pszText=0x0) returned 0x0 [0185.220] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=4, puBuffLength=0x18ed7c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed7c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.220] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300670, puCount=0x18ed6c | out: puCount=0x18ed6c*=0x2) returned 0x0 [0185.220] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=4, puBuffLength=0x18ed68*=0x0, pszText=0x0 | out: puBuffLength=0x18ed68*=0x19, pszText=0x0) returned 0x0 [0185.220] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=4, puBuffLength=0x18ed68*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed68*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.220] CoGetObjectContext (in: riid=0x6b227e0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18ecfc | out: ppv=0x18ecfc*=0xb71a3c) returned 0x0 [0185.220] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb71a3c, pAptType=0x18ecf4 | out: pAptType=0x18ecf4*=1) returned 0x0 [0185.220] IUnknown:QueryInterface (in: This=0xb71a3c, riid=0x6b227c8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x18ecf8 | out: ppvObject=0x18ecf8*=0x0) returned 0x80004002 [0185.221] IUnknown:Release (This=0xb71a3c) returned 0x1 [0185.221] CoGetClassObject (in: rclsid=0xc21684*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f1f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18e908 | out: ppv=0x18e908*=0xe3154f8) returned 0x0 [0185.221] WbemLocator:IUnknown:QueryInterface (in: This=0xe3154f8, riid=0x6f1d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18eb24 | out: ppvObject=0x18eb24*=0x0) returned 0x80004002 [0185.221] WbemLocator:IClassFactory:CreateInstance (in: This=0xe3154f8, pUnkOuter=0x0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb30 | out: ppvObject=0x18eb30*=0xc16518) returned 0x0 [0185.221] WbemLocator:IUnknown:Release (This=0xe3154f8) returned 0x0 [0185.221] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e754 | out: ppvObject=0x18e754*=0xc16518) returned 0x0 [0185.222] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e710 | out: ppvObject=0x18e710*=0x0) returned 0x80004002 [0185.222] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e304 | out: ppvObject=0x18e304*=0x0) returned 0x80004002 [0185.222] WbemLocator:IUnknown:AddRef (This=0xc16518) returned 0x3 [0185.222] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e064 | out: ppvObject=0x18e064*=0x0) returned 0x80004002 [0185.222] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e014 | out: ppvObject=0x18e014*=0x0) returned 0x80004002 [0185.222] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e020 | out: ppvObject=0x18e020*=0x0) returned 0x80004002 [0185.222] CoGetContextToken (in: pToken=0x18e080 | out: pToken=0x18e080) returned 0x0 [0185.222] CoGetContextToken (in: pToken=0x18e488 | out: pToken=0x18e488) returned 0x0 [0185.222] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e514 | out: ppvObject=0x18e514*=0x0) returned 0x80004002 [0185.222] WbemLocator:IUnknown:Release (This=0xc16518) returned 0x2 [0185.222] WbemLocator:IUnknown:Release (This=0xc16518) returned 0x1 [0185.222] CoGetContextToken (in: pToken=0x18eb10 | out: pToken=0x18eb10) returned 0x0 [0185.222] CoGetContextToken (in: pToken=0x18ea70 | out: pToken=0x18ea70) returned 0x0 [0185.223] WbemLocator:IUnknown:QueryInterface (in: This=0xc16518, riid=0x18eb40*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x18eb3c | out: ppvObject=0x18eb3c*=0xc16518) returned 0x0 [0185.223] WbemLocator:IUnknown:AddRef (This=0xc16518) returned 0x3 [0185.223] WbemLocator:IUnknown:Release (This=0xc16518) returned 0x2 [0185.223] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300670, puCount=0x18ecd8 | out: puCount=0x18ecd8*=0x2) returned 0x0 [0185.223] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=8, puBuffLength=0x18ecd4*=0x0, pszText=0x0 | out: puBuffLength=0x18ecd4*=0x19, pszText=0x0) returned 0x0 [0185.223] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=8, puBuffLength=0x18ecd4*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ecd4*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.223] CoCreateInstance (in: rclsid=0x685213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x68521414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x18eb9c | out: ppv=0x18eb9c*=0xc16438) returned 0x0 [0185.223] WbemLocator:IWbemLocator:ConnectServer (in: This=0xc16438, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x18ec44 | out: ppNamespace=0x18ec44*=0xe3029d0) returned 0x0 [0185.243] WbemLocator:IUnknown:QueryInterface (in: This=0xe3029d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eac4 | out: ppvObject=0x18eac4*=0xbbecdc) returned 0x0 [0185.243] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xbbecdc, pProxy=0xe3029d0, pAuthnSvc=0x18eb14, pAuthzSvc=0x18eb10, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c, pImpLevel=0x18eafc, pAuthInfo=0x18eb00, pCapabilites=0x18eb04 | out: pAuthnSvc=0x18eb14*=0xa, pAuthzSvc=0x18eb10*=0x0, pServerPrincName=0x18eb08, pAuthnLevel=0x18eb0c*=0x6, pImpLevel=0x18eafc*=0x2, pAuthInfo=0x18eb00, pCapabilites=0x18eb04*=0x1) returned 0x0 [0185.243] WbemLocator:IUnknown:Release (This=0xbbecdc) returned 0x1 [0185.243] WbemLocator:IUnknown:QueryInterface (in: This=0xe3029d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eab8 | out: ppvObject=0x18eab8*=0xbbed00) returned 0x0 [0185.243] WbemLocator:IUnknown:QueryInterface (in: This=0xe3029d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eaa4 | out: ppvObject=0x18eaa4*=0xbbecdc) returned 0x0 [0185.243] WbemLocator:IClientSecurity:SetBlanket (This=0xbbecdc, pProxy=0xe3029d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.244] WbemLocator:IUnknown:Release (This=0xbbecdc) returned 0x2 [0185.244] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x1 [0185.244] CoTaskMemFree (pv=0xe2f2918) [0185.244] WbemLocator:IUnknown:Release (This=0xc16438) returned 0x0 [0185.244] WbemLocator:IUnknown:QueryInterface (in: This=0xe3029d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e6b4 | out: ppvObject=0x18e6b4*=0xbbed00) returned 0x0 [0185.244] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e670 | out: ppvObject=0x18e670*=0x0) returned 0x80004002 [0185.245] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e48c | out: ppvObject=0x18e48c*=0x0) returned 0x80004002 [0185.245] WbemLocator:IUnknown:QueryInterface (in: This=0xe3029d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e264 | out: ppvObject=0x18e264*=0x0) returned 0x80004002 [0185.246] WbemLocator:IUnknown:AddRef (This=0xbbed00) returned 0x3 [0185.246] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18dfc4 | out: ppvObject=0x18dfc4*=0x0) returned 0x80004002 [0185.246] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18df74 | out: ppvObject=0x18df74*=0x0) returned 0x80004002 [0185.246] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18df80 | out: ppvObject=0x18df80*=0xbbec5c) returned 0x0 [0185.246] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbec5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18df88 | out: pCid=0x18df88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.246] WbemLocator:IUnknown:Release (This=0xbbec5c) returned 0x3 [0185.246] CoGetContextToken (in: pToken=0x18dfe0 | out: pToken=0x18dfe0) returned 0x0 [0185.246] CoGetContextToken (in: pToken=0x18e3e8 | out: pToken=0x18e3e8) returned 0x0 [0185.246] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e474 | out: ppvObject=0x18e474*=0xbbece4) returned 0x0 [0185.247] WbemLocator:IRpcOptions:Query (in: This=0xbbece4, pPrx=0xbbed00, dwProperty=2, pdwValue=0x18e480 | out: pdwValue=0x18e480) returned 0x80004002 [0185.247] WbemLocator:IUnknown:Release (This=0xbbece4) returned 0x3 [0185.247] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x2 [0185.247] CoGetContextToken (in: pToken=0x18e9c8 | out: pToken=0x18e9c8) returned 0x0 [0185.247] CoGetContextToken (in: pToken=0x18e928 | out: pToken=0x18e928) returned 0x0 [0185.247] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x18e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x18e9f4 | out: ppvObject=0x18e9f4*=0xe3029d0) returned 0x0 [0185.247] WbemLocator:IUnknown:AddRef (This=0xe3029d0) returned 0x4 [0185.247] WbemLocator:IUnknown:Release (This=0xe3029d0) returned 0x3 [0185.247] WbemLocator:IUnknown:Release (This=0xe3029d0) returned 0x2 [0185.247] SysStringLen (param_1=0x0) returned 0x0 [0185.247] CoGetContextToken (in: pToken=0x18e9e0 | out: pToken=0x18e9e0) returned 0x0 [0185.248] WbemLocator:IUnknown:AddRef (This=0xbbed00) returned 0x3 [0185.248] WbemLocator:IUnknown:QueryInterface (in: This=0xbbed00, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e874 | out: ppvObject=0x18e874*=0xbbed00) returned 0x0 [0185.248] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x3 [0185.248] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x2 [0185.248] CoGetContextToken (in: pToken=0x18ead8 | out: pToken=0x18ead8) returned 0x0 [0185.248] WbemLocator:IUnknown:AddRef (This=0xe3029d0) returned 0x3 [0185.248] IWbemServices:ExecQuery (in: This=0xe3029d0, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x18ece4 | out: ppEnum=0x18ece4*=0xb7aa10) returned 0x0 [0185.257] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb40 | out: ppvObject=0x18eb40*=0xb7aa14) returned 0x0 [0185.264] IClientSecurity:QueryBlanket (in: This=0xb7aa14, pProxy=0xb7aa10, pAuthnSvc=0x18eb90, pAuthzSvc=0x18eb8c, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88, pImpLevel=0x18eb78, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80 | out: pAuthnSvc=0x18eb90*=0xa, pAuthzSvc=0x18eb8c*=0x0, pServerPrincName=0x18eb84, pAuthnLevel=0x18eb88*=0x6, pImpLevel=0x18eb78*=0x2, pAuthInfo=0x18eb7c, pCapabilites=0x18eb80*=0x1) returned 0x0 [0185.265] IUnknown:Release (This=0xb7aa14) returned 0x1 [0185.265] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb34 | out: ppvObject=0x18eb34*=0xbbdf00) returned 0x0 [0185.265] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18eb20 | out: ppvObject=0x18eb20*=0xb7aa14) returned 0x0 [0185.265] IClientSecurity:SetBlanket (This=0xb7aa14, pProxy=0xb7aa10, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.267] IUnknown:Release (This=0xb7aa14) returned 0x2 [0185.267] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0185.267] CoTaskMemFree (pv=0xe2f2c78) [0185.267] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e72c | out: ppvObject=0x18e72c*=0xbbdf00) returned 0x0 [0185.267] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e6e8 | out: ppvObject=0x18e6e8*=0x0) returned 0x80004002 [0185.268] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e504 | out: ppvObject=0x18e504*=0x0) returned 0x80004002 [0185.268] IUnknown:QueryInterface (in: This=0xb7aa10, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e2dc | out: ppvObject=0x18e2dc*=0x0) returned 0x80004002 [0185.269] WbemLocator:IUnknown:AddRef (This=0xbbdf00) returned 0x3 [0185.269] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e03c | out: ppvObject=0x18e03c*=0x0) returned 0x80004002 [0185.269] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18dfec | out: ppvObject=0x18dfec*=0x0) returned 0x80004002 [0185.269] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18dff8 | out: ppvObject=0x18dff8*=0xbbde5c) returned 0x0 [0185.269] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbde5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e000 | out: pCid=0x18e000*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.269] WbemLocator:IUnknown:Release (This=0xbbde5c) returned 0x3 [0185.269] CoGetContextToken (in: pToken=0x18e058 | out: pToken=0x18e058) returned 0x0 [0185.270] CoGetContextToken (in: pToken=0x18e460 | out: pToken=0x18e460) returned 0x0 [0185.270] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e4ec | out: ppvObject=0x18e4ec*=0xbbdee4) returned 0x0 [0185.270] WbemLocator:IRpcOptions:Query (in: This=0xbbdee4, pPrx=0xbbdf00, dwProperty=2, pdwValue=0x18e4f8 | out: pdwValue=0x18e4f8) returned 0x80004002 [0185.270] WbemLocator:IUnknown:Release (This=0xbbdee4) returned 0x3 [0185.270] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x2 [0185.270] CoGetContextToken (in: pToken=0x18ea40 | out: pToken=0x18ea40) returned 0x0 [0185.270] CoGetContextToken (in: pToken=0x18e9a0 | out: pToken=0x18e9a0) returned 0x0 [0185.270] WbemLocator:IUnknown:QueryInterface (in: This=0xbbdf00, riid=0x18ea70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18ea6c | out: ppvObject=0x18ea6c*=0xb7aa10) returned 0x0 [0185.270] IUnknown:AddRef (This=0xb7aa10) returned 0x4 [0185.270] IUnknown:Release (This=0xb7aa10) returned 0x3 [0185.270] IUnknown:Release (This=0xb7aa10) returned 0x2 [0185.270] WbemLocator:IUnknown:Release (This=0xe3029d0) returned 0x2 [0185.270] SysStringLen (param_1=0x0) returned 0x0 [0185.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0xe300670, puCount=0x18ed30 | out: puCount=0x18ed30*=0x2) returned 0x0 [0185.271] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=4, puBuffLength=0x18ed2c*=0x0, pszText=0x0 | out: puBuffLength=0x18ed2c*=0x19, pszText=0x0) returned 0x0 [0185.271] WbemDefPath:IWbemPath:GetText (in: This=0xe300670, lFlags=4, puBuffLength=0x18ed2c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x18ed2c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0185.271] CoGetContextToken (in: pToken=0x18eb80 | out: pToken=0x18eb80) returned 0x0 [0185.271] IUnknown:AddRef (This=0xb7aa10) returned 0x3 [0185.271] IEnumWbemClassObject:Clone (in: This=0xb7aa10, ppEnum=0x18ed3c | out: ppEnum=0x18ed3c*=0xb7a3d0) returned 0x0 [0185.272] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebf8 | out: ppvObject=0x18ebf8*=0xb7a3d4) returned 0x0 [0185.272] IClientSecurity:QueryBlanket (in: This=0xb7a3d4, pProxy=0xb7a3d0, pAuthnSvc=0x18ec48, pAuthzSvc=0x18ec44, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40, pImpLevel=0x18ec30, pAuthInfo=0x18ec34, pCapabilites=0x18ec38 | out: pAuthnSvc=0x18ec48*=0xa, pAuthzSvc=0x18ec44*=0x0, pServerPrincName=0x18ec3c, pAuthnLevel=0x18ec40*=0x6, pImpLevel=0x18ec30*=0x2, pAuthInfo=0x18ec34, pCapabilites=0x18ec38*=0x1) returned 0x0 [0185.272] IUnknown:Release (This=0xb7a3d4) returned 0x1 [0185.272] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebec | out: ppvObject=0x18ebec*=0xbbec00) returned 0x0 [0185.272] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x68521234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18ebd8 | out: ppvObject=0x18ebd8*=0xb7a3d4) returned 0x0 [0185.272] IClientSecurity:SetBlanket (This=0xb7a3d4, pProxy=0xb7a3d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.274] IUnknown:Release (This=0xb7a3d4) returned 0x2 [0185.274] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0185.274] CoTaskMemFree (pv=0xe2f2978) [0185.274] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e7d4 | out: ppvObject=0x18e7d4*=0xbbec00) returned 0x0 [0185.275] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x18e790 | out: ppvObject=0x18e790*=0x0) returned 0x80004002 [0185.275] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x18e5ac | out: ppvObject=0x18e5ac*=0x0) returned 0x80004002 [0185.275] IUnknown:QueryInterface (in: This=0xb7a3d0, riid=0x6f219c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x18e384 | out: ppvObject=0x18e384*=0x0) returned 0x80004002 [0185.276] WbemLocator:IUnknown:AddRef (This=0xbbec00) returned 0x3 [0185.276] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f2198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x18e0e4 | out: ppvObject=0x18e0e4*=0x0) returned 0x80004002 [0185.276] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x18e094 | out: ppvObject=0x18e094*=0x0) returned 0x80004002 [0185.276] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f0ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e0a0 | out: ppvObject=0x18e0a0*=0xbbeb5c) returned 0x0 [0185.276] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xbbeb5c, riid=0x6f0ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x18e0a8 | out: pCid=0x18e0a8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.276] WbemLocator:IUnknown:Release (This=0xbbeb5c) returned 0x3 [0185.276] CoGetContextToken (in: pToken=0x18e100 | out: pToken=0x18e100) returned 0x0 [0185.277] CoGetContextToken (in: pToken=0x18e508 | out: pToken=0x18e508) returned 0x0 [0185.277] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x6f219b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18e594 | out: ppvObject=0x18e594*=0xbbebe4) returned 0x0 [0185.277] WbemLocator:IRpcOptions:Query (in: This=0xbbebe4, pPrx=0xbbec00, dwProperty=2, pdwValue=0x18e5a0 | out: pdwValue=0x18e5a0) returned 0x80004002 [0185.277] WbemLocator:IUnknown:Release (This=0xbbebe4) returned 0x3 [0185.277] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x2 [0185.277] CoGetContextToken (in: pToken=0x18eae8 | out: pToken=0x18eae8) returned 0x0 [0185.277] CoGetContextToken (in: pToken=0x18ea48 | out: pToken=0x18ea48) returned 0x0 [0185.278] WbemLocator:IUnknown:QueryInterface (in: This=0xbbec00, riid=0x18eb18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x18eb14 | out: ppvObject=0x18eb14*=0xb7a3d0) returned 0x0 [0185.278] IUnknown:AddRef (This=0xb7a3d0) returned 0x4 [0185.278] IUnknown:Release (This=0xb7a3d0) returned 0x3 [0185.278] IUnknown:Release (This=0xb7a3d0) returned 0x2 [0185.278] IUnknown:Release (This=0xb7aa10) returned 0x2 [0185.278] SysStringLen (param_1=0x0) returned 0x0 [0185.278] IEnumWbemClassObject:Reset (This=0xb7a3d0) returned 0x0 [0185.279] CoTaskMemAlloc (cb=0x4) returned 0xc16788 [0185.279] IEnumWbemClassObject:Next (in: This=0xb7a3d0, lTimeout=-1, uCount=0x1, apObjects=0xc16788, puReturned=0x6c06508 | out: apObjects=0xc16788*=0x0, puReturned=0x6c06508*=0x0) returned 0x1 [0185.280] CoTaskMemFree (pv=0xc16788) [0185.280] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0185.280] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0185.280] IUnknown:Release (This=0xb7a3d0) returned 0x0 [0185.281] CoGetContextToken (in: pToken=0x18ec60 | out: pToken=0x18ec60) returned 0x0 [0185.281] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0185.281] IUnknown:Release (This=0xb7aa10) returned 0x0 [0185.295] CoCreateGuid (in: pguid=0x18ebf4 | out: pguid=0x18ebf4*(Data1=0xc5fe9e2, Data2=0x6654, Data3=0x4bfd, Data4=([0]=0xa2, [1]=0xb0, [2]=0x7a, [3]=0x1a, [4]=0x82, [5]=0x7b, [6]=0x65, [7]=0x65))) returned 0x0 [0185.295] CoCreateGuid (in: pguid=0x18eb34 | out: pguid=0x18eb34*(Data1=0x95bf712a, Data2=0xdd0a, Data3=0x4565, Data4=([0]=0xa9, [1]=0x7d, [2]=0x42, [3]=0x28, [4]=0x74, [5]=0x67, [6]=0xa0, [7]=0x2e))) returned 0x0 [0185.295] send (s=0x348, buf=0x839ad9f*, len=191, flags=0) returned 191 [0185.296] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 125 [0185.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\WOW6432Node\\Clients\\StartMenuInternet", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee70 | out: phkResult=0x18ee70*=0x2fc) returned 0x0 [0185.489] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18ee98, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18ee94, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18ee98*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18ee94*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0185.489] RegEnumKeyExW (in: hKey=0x2fc, dwIndex=0x0, lpName=0x6c06efc, lpcchName=0x18eeb4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEXPLORE.EXE", lpcchName=0x18eeb4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0185.494] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="IEXPLORE.EXE", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee70 | out: phkResult=0x18ee70*=0x228) returned 0x0 [0185.494] RegQueryValueExW (in: hKey=0x228, lpValueName=0x0, lpReserved=0x0, lpType=0x18ee90, lpData=0x0, lpcbData=0x18ee8c*=0x0 | out: lpType=0x18ee90*=0x1, lpData=0x0, lpcbData=0x18ee8c*=0x24) returned 0x0 [0185.494] RegQueryValueExW (in: hKey=0x228, lpValueName=0x0, lpReserved=0x0, lpType=0x18ee90, lpData=0x6c07228, lpcbData=0x18ee8c*=0x24 | out: lpType=0x18ee90*=0x1, lpData="Internet Explorer", lpcbData=0x18ee8c*=0x24) returned 0x0 [0185.501] RegOpenKeyExW (in: hKey=0x228, lpSubKey="shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee70 | out: phkResult=0x18ee70*=0x300) returned 0x0 [0185.502] RegQueryValueExW (in: hKey=0x300, lpValueName=0x0, lpReserved=0x0, lpType=0x18ee90, lpData=0x0, lpcbData=0x18ee8c*=0x0 | out: lpType=0x18ee90*=0x1, lpData=0x0, lpcbData=0x18ee8c*=0x60) returned 0x0 [0185.503] RegQueryValueExW (in: hKey=0x300, lpValueName=0x0, lpReserved=0x0, lpType=0x18ee90, lpData=0x6c07444, lpcbData=0x18ee8c*=0x60 | out: lpType=0x18ee90*=0x1, lpData="C:\\Program Files\\Internet Explorer\\iexplore.exe", lpcbData=0x18ee8c*=0x60) returned 0x0 [0185.524] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Internet Explorer\\iexplore.exe", nBufferLength=0x105, lpBuffer=0x18e924, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Internet Explorer\\iexplore.exe", lpFilePart=0x0) returned 0x2f [0185.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18edcc) returned 1 [0185.524] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe"), fInfoLevelId=0x0, lpFileInformation=0x18ee48 | out: lpFileInformation=0x18ee48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33517c70, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x33517c70, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x33517c70, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc74c0)) returned 1 [0185.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edc8) returned 1 [0185.527] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe", lpdwHandle=0x18eebc | out: lpdwHandle=0x18eebc) returned 0xba4 [0185.534] GetFileVersionInfoW (in: lptstrFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe", dwHandle=0x0, dwLen=0xba4, lpData=0x6c075fc | out: lpData=0x6c075fc) returned 1 [0185.537] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18ee90, puLen=0x18ee8c | out: lplpBuffer=0x18ee90*=0x6c07bc8, puLen=0x18ee8c) returned 1 [0185.542] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c076b4, puLen=0x18ee0c) returned 1 [0185.542] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c07708, puLen=0x18ee0c) returned 1 [0185.542] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c0774c, puLen=0x18ee0c) returned 1 [0185.542] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c077bc, puLen=0x18ee0c) returned 1 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c077f4, puLen=0x18ee0c) returned 1 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c07878, puLen=0x18ee0c) returned 1 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c078bc, puLen=0x18ee0c) returned 1 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x6c07904, puLen=0x18ee0c) returned 1 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x0, puLen=0x18ee0c) returned 0 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x0, puLen=0x18ee0c) returned 0 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x0, puLen=0x18ee0c) returned 0 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x18ee10, puLen=0x18ee0c | out: lplpBuffer=0x18ee10*=0x0, puLen=0x18ee0c) returned 0 [0185.543] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x18ee04, puLen=0x18ee00 | out: lplpBuffer=0x18ee04*=0x6c07bc8, puLen=0x18ee00) returned 1 [0185.544] VerLanguageNameW (in: wLang=0x409, szLang=0x18eb94, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0185.553] VerQueryValueW (in: pBlock=0x6c075fc, lpSubBlock="\\", lplpBuffer=0x18ee14, puLen=0x18ee10 | out: lplpBuffer=0x18ee14*=0x6c07624, puLen=0x18ee10) returned 1 [0185.576] CoCreateGuid (in: pguid=0x18ec10 | out: pguid=0x18ec10*(Data1=0x99105667, Data2=0xafe3, Data3=0x48de, Data4=([0]=0x9d, [1]=0xbe, [2]=0x78, [3]=0x91, [4]=0xc2, [5]=0x35, [6]=0xb0, [7]=0x56))) returned 0x0 [0185.576] CoCreateGuid (in: pguid=0x18eb50 | out: pguid=0x18eb50*(Data1=0xcc450050, Data2=0xeda7, Data3=0x48e0, Data4=([0]=0xa9, [1]=0x2a, [2]=0xc8, [3]=0x2b, [4]=0xba, [5]=0xf2, [6]=0x42, [7]=0x70))) returned 0x0 [0185.667] send (s=0x348, buf=0x6c0941b*, len=306, flags=0) returned 306 [0185.668] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 129 [0186.192] CoTaskMemAlloc (cb=0x20c) returned 0xe33b488 [0186.192] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0xe33b488 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0186.192] CoTaskMemFree (pv=0xe33b488) [0186.192] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0186.193] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x18e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x2b [0186.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec50) returned 1 [0186.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x6c1d89c | out: lpFileInformation=0x6c1d89c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0186.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ec4c) returned 1 [0186.202] CoCreateGuid (in: pguid=0x18ebf8 | out: pguid=0x18ebf8*(Data1=0x9f5528c3, Data2=0xcd7d, Data3=0x4f46, Data4=([0]=0x93, [1]=0xe3, [2]=0xc0, [3]=0xbf, [4]=0xe5, [5]=0xa4, [6]=0x56, [7]=0xb7))) returned 0x0 [0186.203] CoCreateGuid (in: pguid=0x18eb38 | out: pguid=0x18eb38*(Data1=0xcf366930, Data2=0xdda6, Data3=0x4a6d, Data4=([0]=0x9c, [1]=0xd4, [2]=0xdb, [3]=0x3d, [4]=0xb8, [5]=0x1f, [6]=0xa0, [7]=0x52))) returned 0x0 [0186.204] send (s=0x348, buf=0x6c1dd13*, len=178, flags=0) returned 178 [0186.205] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 132 [0186.250] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%", lpDst=0x18ec64, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%") returned 0x18 [0186.250] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng", lpDst=0x18ec64, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng") returned 0x3c [0186.648] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x18e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x54 [0186.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ee38) returned 1 [0186.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x18e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x54 [0186.649] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\*ovpn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x18eb60 | out: lpFindFileData=0x18eb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0186.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edfc) returned 1 [0186.697] CoCreateGuid (in: pguid=0x18ebf8 | out: pguid=0x18ebf8*(Data1=0x6da0c186, Data2=0x8cea, Data3=0x4525, Data4=([0]=0x9d, [1]=0xe8, [2]=0x2c, [3]=0x8a, [4]=0x5b, [5]=0xe7, [6]=0xc2, [7]=0x5b))) returned 0x0 [0186.697] CoCreateGuid (in: pguid=0x18eb38 | out: pguid=0x18eb38*(Data1=0x4105dff6, Data2=0x35f4, Data3=0x4db5, Data4=([0]=0x97, [1]=0x4e, [2]=0x0, [3]=0x9b, [4]=0xba, [5]=0xee, [6]=0x19, [7]=0x75))) returned 0x0 [0186.697] send (s=0x348, buf=0x6c1dd13*, len=167, flags=0) returned 167 [0186.698] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 132 [0186.776] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%", lpDst=0x18ec50, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%") returned 0x28 [0186.776] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x18ec50, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Exte\x18墐") returned 0x6a [0186.776] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x18ec44, nSize=0x6a | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl") returned 0x6a [0186.779] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x18e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x43 [0186.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ee38) returned 1 [0186.779] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x18e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x43 [0186.780] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\*ovpn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x18eb60 | out: lpFindFileData=0x18eb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0186.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18edfc) returned 1 [0186.797] CoCreateGuid (in: pguid=0x18ebf8 | out: pguid=0x18ebf8*(Data1=0xad88a05e, Data2=0x7fb3, Data3=0x4e7b, Data4=([0]=0xbb, [1]=0xa3, [2]=0x2d, [3]=0x92, [4]=0xf1, [5]=0x9, [6]=0xc6, [7]=0x12))) returned 0x0 [0186.797] CoCreateGuid (in: pguid=0x18eb38 | out: pguid=0x18eb38*(Data1=0xb5a6ac16, Data2=0xfbba, Data3=0x4bce, Data4=([0]=0x8b, [1]=0xf8, [2]=0x2a, [3]=0xb5, [4]=0x66, [5]=0xc9, [6]=0x36, [7]=0x65))) returned 0x0 [0186.798] send (s=0x348, buf=0x6afc5cb*, len=167, flags=0) returned 167 [0186.799] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 132 [0186.943] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x304) returned 0x0 [0186.943] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18ee58, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18ee54, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18ee58*=0x42, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18ee54*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.943] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXM_Runtime", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x9, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.949] CoTaskMemFree (pv=0x0) [0186.949] RegEnumKeyExW (in: hKey=0x304, dwIndex=0xa, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MPlayer2", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0xb, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0xc, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0xd, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0xe, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0xf, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x10, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x11, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x12, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x13, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x14, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.950] CoTaskMemFree (pv=0x0) [0186.950] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x15, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x16, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x17, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x18, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x19, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{4A03706F-666A-4037-7777-5F2748764D10}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1a, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1b, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.951] CoTaskMemFree (pv=0x0) [0186.951] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1c, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1d, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0011-0000-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1e, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0015-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1f, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0016-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x20, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0018-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x21, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0019-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x22, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001A-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x23, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001B-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x24, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001F-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x25, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001F-040C-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.952] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x26, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-001F-0C0A-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x27, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-002C-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x28, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0044-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x29, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-006E-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2a, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2b, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2c, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0090-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2d, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00A1-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2e, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00BA-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2f, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00E1-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x30, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-00E2-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x31, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0115-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x32, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-0117-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.953] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x33, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-012B-0409-0000-0000000FF1CE}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x34, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x35, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x36, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x37, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x38, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x39, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3a, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3b, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3c, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3d, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3e, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3f, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x40, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.954] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x41, lpName=0x6c261bc, lpcchName=0x18ee74, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x18ee74, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0186.955] RegOpenKeyExW (in: hKey=0x304, lpSubKey="AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.955] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.955] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.957] RegCloseKey (hKey=0x308) returned 0x0 [0186.957] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.957] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.957] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.957] RegCloseKey (hKey=0x308) returned 0x0 [0186.958] RegOpenKeyExW (in: hKey=0x304, lpSubKey="DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.958] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.958] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.958] RegCloseKey (hKey=0x308) returned 0x0 [0186.958] RegOpenKeyExW (in: hKey=0x304, lpSubKey="DXM_Runtime", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.958] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.959] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.959] RegCloseKey (hKey=0x308) returned 0x0 [0186.959] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.959] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.959] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.959] RegCloseKey (hKey=0x308) returned 0x0 [0186.959] RegOpenKeyExW (in: hKey=0x304, lpSubKey="IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.960] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.960] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.960] RegCloseKey (hKey=0x308) returned 0x0 [0186.960] RegOpenKeyExW (in: hKey=0x304, lpSubKey="IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.960] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.960] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.960] RegCloseKey (hKey=0x308) returned 0x0 [0186.961] RegOpenKeyExW (in: hKey=0x304, lpSubKey="IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.961] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.961] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.961] RegCloseKey (hKey=0x308) returned 0x0 [0186.961] RegOpenKeyExW (in: hKey=0x304, lpSubKey="IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.962] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.962] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.962] RegCloseKey (hKey=0x308) returned 0x0 [0186.962] RegOpenKeyExW (in: hKey=0x304, lpSubKey="MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.962] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.962] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.962] RegCloseKey (hKey=0x308) returned 0x0 [0186.963] RegOpenKeyExW (in: hKey=0x304, lpSubKey="MPlayer2", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.963] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.963] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.963] RegCloseKey (hKey=0x308) returned 0x0 [0186.963] RegOpenKeyExW (in: hKey=0x304, lpSubKey="SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.963] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.963] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.963] RegCloseKey (hKey=0x308) returned 0x0 [0186.964] RegOpenKeyExW (in: hKey=0x304, lpSubKey="WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.964] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.964] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0186.964] RegCloseKey (hKey=0x308) returned 0x0 [0186.964] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0186.964] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7e) returned 0x0 [0186.964] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c29294, lpcbData=0x18ee4c*=0x7e | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x18ee4c*=0x7e) returned 0x0 [0186.965] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x18) returned 0x0 [0186.965] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c29424, lpcbData=0x18ee4c*=0x18 | out: lpType=0x18ee50*=0x1, lpData="14.25.28508", lpcbData=0x18ee4c*=0x18) returned 0x0 [0187.001] RegCloseKey (hKey=0x308) returned 0x0 [0187.001] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.001] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x76) returned 0x0 [0187.001] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c2edf4, lpcbData=0x18ee4c*=0x76 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x18ee4c*=0x76) returned 0x0 [0187.001] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.002] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c2ef74, lpcbData=0x18ee4c*=0x16 | out: lpType=0x18ee50*=0x1, lpData="12.0.21005", lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.002] RegCloseKey (hKey=0x308) returned 0x0 [0187.002] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.002] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.003] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.003] RegCloseKey (hKey=0x308) returned 0x0 [0187.003] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.003] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.003] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.003] RegCloseKey (hKey=0x308) returned 0x0 [0187.003] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.004] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.004] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.004] RegCloseKey (hKey=0x308) returned 0x0 [0187.004] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.004] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.004] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.004] RegCloseKey (hKey=0x308) returned 0x0 [0187.005] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.005] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.005] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.005] RegCloseKey (hKey=0x308) returned 0x0 [0187.005] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.005] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.006] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.006] RegCloseKey (hKey=0x308) returned 0x0 [0187.006] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.006] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.006] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.006] RegCloseKey (hKey=0x308) returned 0x0 [0187.006] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.007] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x78) returned 0x0 [0187.007] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c301fc, lpcbData=0x18ee4c*=0x78 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x18ee4c*=0x78) returned 0x0 [0187.007] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x18) returned 0x0 [0187.007] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c3037c, lpcbData=0x18ee4c*=0x18 | out: lpType=0x18ee50*=0x1, lpData="14.25.28508", lpcbData=0x18ee4c*=0x18) returned 0x0 [0187.014] RegCloseKey (hKey=0x308) returned 0x0 [0187.014] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.015] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.015] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c30760, lpcbData=0x18ee4c*=0x7a | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.015] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.015] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c308e8, lpcbData=0x18ee4c*=0x1a | out: lpType=0x18ee50*=0x1, lpData="11.0.61030.0", lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.015] RegCloseKey (hKey=0x308) returned 0x0 [0187.015] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.016] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.016] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c30cd8, lpcbData=0x18ee4c*=0x7a | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.016] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.016] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c30e60, lpcbData=0x18ee4c*=0x1a | out: lpType=0x18ee50*=0x1, lpData="12.0.30501.0", lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.016] RegCloseKey (hKey=0x308) returned 0x0 [0187.016] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{4A03706F-666A-4037-7777-5F2748764D10}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.016] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x24) returned 0x0 [0187.017] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c3127c, lpcbData=0x18ee4c*=0x24 | out: lpType=0x18ee50*=0x1, lpData="Java Auto Updater", lpcbData=0x18ee4c*=0x24) returned 0x0 [0187.017] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.017] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c31354, lpcbData=0x18ee4c*=0x16 | out: lpType=0x18ee50*=0x1, lpData="2.8.171.11", lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.017] RegCloseKey (hKey=0x308) returned 0x0 [0187.017] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.017] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x86) returned 0x0 [0187.017] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c316e4, lpcbData=0x18ee4c*=0x86 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x18ee4c*=0x86) returned 0x0 [0187.018] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1c) returned 0x0 [0187.018] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c31884, lpcbData=0x18ee4c*=0x1c | out: lpType=0x18ee50*=0x1, lpData="14.25.28508.3", lpcbData=0x18ee4c*=0x1c) returned 0x0 [0187.018] RegCloseKey (hKey=0x308) returned 0x0 [0187.018] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.018] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x86) returned 0x0 [0187.018] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c31c84, lpcbData=0x18ee4c*=0x86 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x18ee4c*=0x86) returned 0x0 [0187.019] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1c) returned 0x0 [0187.019] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c31e24, lpcbData=0x18ee4c*=0x1c | out: lpType=0x18ee50*=0x1, lpData="14.25.28508.3", lpcbData=0x18ee4c*=0x1c) returned 0x0 [0187.019] RegCloseKey (hKey=0x308) returned 0x0 [0187.019] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.019] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x54) returned 0x0 [0187.019] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c32224, lpcbData=0x18ee4c*=0x54 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x18ee4c*=0x54) returned 0x0 [0187.020] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x14) returned 0x0 [0187.020] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c3235c, lpcbData=0x18ee4c*=0x14 | out: lpType=0x18ee50*=0x1, lpData="8.0.61001", lpcbData=0x18ee4c*=0x14) returned 0x0 [0187.020] RegCloseKey (hKey=0x308) returned 0x0 [0187.020] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0011-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.020] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.020] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.020] RegCloseKey (hKey=0x308) returned 0x0 [0187.021] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0015-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.021] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.021] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.021] RegCloseKey (hKey=0x308) returned 0x0 [0187.021] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0016-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.021] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.022] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.022] RegCloseKey (hKey=0x308) returned 0x0 [0187.022] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0018-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.022] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.022] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.022] RegCloseKey (hKey=0x308) returned 0x0 [0187.022] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0019-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.023] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.023] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.023] RegCloseKey (hKey=0x308) returned 0x0 [0187.023] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-001A-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.023] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.023] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.023] RegCloseKey (hKey=0x308) returned 0x0 [0187.024] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-001B-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.024] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.024] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.024] RegCloseKey (hKey=0x308) returned 0x0 [0187.024] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-001F-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.024] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.025] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.025] RegCloseKey (hKey=0x308) returned 0x0 [0187.025] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-001F-040C-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.025] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.025] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.025] RegCloseKey (hKey=0x308) returned 0x0 [0187.025] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-001F-0C0A-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.025] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.026] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.026] RegCloseKey (hKey=0x308) returned 0x0 [0187.026] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-002C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.026] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.026] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.026] RegCloseKey (hKey=0x308) returned 0x0 [0187.026] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0044-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.027] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.027] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.027] RegCloseKey (hKey=0x308) returned 0x0 [0187.027] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-006E-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.027] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.027] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.027] RegCloseKey (hKey=0x308) returned 0x0 [0187.027] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.028] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.028] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.028] RegCloseKey (hKey=0x308) returned 0x0 [0187.028] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.028] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.028] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.028] RegCloseKey (hKey=0x308) returned 0x0 [0187.029] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0090-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.029] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.029] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.029] RegCloseKey (hKey=0x308) returned 0x0 [0187.029] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-00A1-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.029] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.029] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.030] RegCloseKey (hKey=0x308) returned 0x0 [0187.030] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-00BA-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.030] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.030] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.030] RegCloseKey (hKey=0x308) returned 0x0 [0187.030] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-00E1-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.030] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.031] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.031] RegCloseKey (hKey=0x308) returned 0x0 [0187.031] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-00E2-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.031] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.031] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.031] RegCloseKey (hKey=0x308) returned 0x0 [0187.031] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0115-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.032] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.032] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.032] RegCloseKey (hKey=0x308) returned 0x0 [0187.032] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-0117-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.032] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.032] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.032] RegCloseKey (hKey=0x308) returned 0x0 [0187.032] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{90160000-012B-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.033] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.033] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.033] RegCloseKey (hKey=0x308) returned 0x0 [0187.033] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.033] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7e) returned 0x0 [0187.033] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c355b8, lpcbData=0x18ee4c*=0x7e | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x18ee4c*=0x7e) returned 0x0 [0187.033] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1e) returned 0x0 [0187.033] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c35748, lpcbData=0x18ee4c*=0x1e | out: lpType=0x18ee50*=0x1, lpData="9.0.30729.6161", lpcbData=0x18ee4c*=0x1e) returned 0x0 [0187.034] RegCloseKey (hKey=0x308) returned 0x0 [0187.034] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.034] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7c) returned 0x0 [0187.034] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c35b48, lpcbData=0x18ee4c*=0x7c | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x18ee4c*=0x7c) returned 0x0 [0187.034] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.034] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c35cd0, lpcbData=0x18ee4c*=0x16 | out: lpType=0x18ee50*=0x1, lpData="11.0.61030", lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.035] RegCloseKey (hKey=0x308) returned 0x0 [0187.035] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.035] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x76) returned 0x0 [0187.035] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c360b8, lpcbData=0x18ee4c*=0x76 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x18ee4c*=0x76) returned 0x0 [0187.035] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.035] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c36238, lpcbData=0x18ee4c*=0x16 | out: lpType=0x18ee50*=0x1, lpData="11.0.61030", lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.035] RegCloseKey (hKey=0x308) returned 0x0 [0187.036] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.036] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.036] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c36618, lpcbData=0x18ee4c*=0x7a | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.036] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.036] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c367a0, lpcbData=0x18ee4c*=0x1a | out: lpType=0x18ee50*=0x1, lpData="11.0.61030.0", lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.036] RegCloseKey (hKey=0x308) returned 0x0 [0187.036] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.037] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.037] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c36b90, lpcbData=0x18ee4c*=0x7a | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x18ee4c*=0x7a) returned 0x0 [0187.037] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.037] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c36d18, lpcbData=0x18ee4c*=0x1a | out: lpType=0x18ee50*=0x1, lpData="12.0.30501.0", lpcbData=0x18ee4c*=0x1a) returned 0x0 [0187.037] RegCloseKey (hKey=0x308) returned 0x0 [0187.037] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.038] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x78) returned 0x0 [0187.038] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c37108, lpcbData=0x18ee4c*=0x78 | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x18ee4c*=0x78) returned 0x0 [0187.038] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.038] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c37288, lpcbData=0x18ee4c*=0x16 | out: lpType=0x18ee50*=0x1, lpData="10.0.40219", lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.038] RegCloseKey (hKey=0x308) returned 0x0 [0187.050] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.051] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.051] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.051] RegCloseKey (hKey=0x308) returned 0x0 [0187.051] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.051] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.052] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.052] RegCloseKey (hKey=0x308) returned 0x0 [0187.052] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.052] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.052] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.052] RegCloseKey (hKey=0x308) returned 0x0 [0187.052] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.052] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.053] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.053] RegCloseKey (hKey=0x308) returned 0x0 [0187.053] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.053] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.053] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.053] RegCloseKey (hKey=0x308) returned 0x0 [0187.053] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.053] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.053] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.053] RegCloseKey (hKey=0x308) returned 0x0 [0187.054] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.054] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.054] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x0, lpData=0x0, lpcbData=0x18ee4c*=0x0) returned 0x2 [0187.054] RegCloseKey (hKey=0x308) returned 0x0 [0187.054] RegOpenKeyExW (in: hKey=0x304, lpSubKey="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ee30 | out: phkResult=0x18ee30*=0x308) returned 0x0 [0187.054] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x7c) returned 0x0 [0187.054] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayName", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c38514, lpcbData=0x18ee4c*=0x7c | out: lpType=0x18ee50*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x18ee4c*=0x7c) returned 0x0 [0187.055] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x0, lpcbData=0x18ee4c*=0x0 | out: lpType=0x18ee50*=0x1, lpData=0x0, lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.055] RegQueryValueExW (in: hKey=0x308, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x18ee50, lpData=0x6c3869c, lpcbData=0x18ee4c*=0x16 | out: lpType=0x18ee50*=0x1, lpData="12.0.21005", lpcbData=0x18ee4c*=0x16) returned 0x0 [0187.055] RegCloseKey (hKey=0x308) returned 0x0 [0187.055] RegCloseKey (hKey=0x304) returned 0x0 [0187.081] CoCreateGuid (in: pguid=0x18ec10 | out: pguid=0x18ec10*(Data1=0x79c831b3, Data2=0xcc75, Data3=0x4e7e, Data4=([0]=0xbb, [1]=0x2b, [2]=0xa8, [3]=0x3d, [4]=0x59, [5]=0xe2, [6]=0x20, [7]=0x70))) returned 0x0 [0187.081] CoCreateGuid (in: pguid=0x18eb50 | out: pguid=0x18eb50*(Data1=0xd37ffce6, Data2=0x23d, Data3=0x4d02, Data4=([0]=0xbd, [1]=0x82, [2]=0xd, [3]=0xc8, [4]=0x65, [5]=0x71, [6]=0x36, [7]=0xcf))) returned 0x0 [0187.082] send (s=0x348, buf=0x6c3904b*, len=1372, flags=0) returned 1372 [0187.091] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 128 [0187.194] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Valve\\Steam", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ed8c | out: phkResult=0x18ed8c*=0x0) returned 0x2 [0187.200] CoCreateGuid (in: pguid=0x18ec00 | out: pguid=0x18ec00*(Data1=0xc7d24de, Data2=0x2cf8, Data3=0x4d68, Data4=([0]=0x92, [1]=0x3e, [2]=0xbd, [3]=0x4b, [4]=0xf9, [5]=0x10, [6]=0x72, [7]=0xc))) returned 0x0 [0187.200] CoCreateGuid (in: pguid=0x18eb40 | out: pguid=0x18eb40*(Data1=0x46e97fdf, Data2=0xfaf6, Data3=0x409a, Data4=([0]=0x92, [1]=0xd6, [2]=0x3e, [3]=0x3a, [4]=0xe0, [5]=0x55, [6]=0x34, [7]=0xc9))) returned 0x0 [0187.200] send (s=0x348, buf=0x6c3904b*, len=162, flags=0) returned 162 [0187.201] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 132 [0187.236] CoCreateGuid (in: pguid=0x18ecc8 | out: pguid=0x18ecc8*(Data1=0xaaf1e59d, Data2=0x2c27, Data3=0x4ba7, Data4=([0]=0xa7, [1]=0x55, [2]=0x6d, [3]=0xb9, [4]=0xdf, [5]=0xae, [6]=0x5d, [7]=0xa9))) returned 0x0 [0187.236] CoCreateGuid (in: pguid=0x18ec08 | out: pguid=0x18ec08*(Data1=0xc222621d, Data2=0x58fb, Data3=0x4a35, Data4=([0]=0xb9, [1]=0xfd, [2]=0x5a, [3]=0xd2, [4]=0x13, [5]=0x69, [6]=0xfc, [7]=0xd9))) returned 0x0 [0187.236] send (s=0x348, buf=0x6c3904b*, len=157, flags=0) returned 157 [0187.237] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 112 [0187.317] CoCreateGuid (in: pguid=0x18edfc | out: pguid=0x18edfc*(Data1=0x89c41010, Data2=0x16f7, Data3=0x4e58, Data4=([0]=0x91, [1]=0x6, [2]=0xdf, [3]=0xa3, [4]=0x89, [5]=0x8a, [6]=0xfb, [7]=0xa0))) returned 0x0 [0187.317] CoCreateGuid (in: pguid=0x18ed3c | out: pguid=0x18ed3c*(Data1=0x29cc2859, Data2=0xac1f, Data3=0x4d12, Data4=([0]=0xbe, [1]=0x3c, [2]=0x62, [3]=0xc1, [4]=0x21, [5]=0x66, [6]=0x4a, [7]=0x83))) returned 0x0 [0187.318] send (s=0x348, buf=0x6c3904b*, len=556, flags=0) returned 556 [0187.318] recv (in: s=0x348, buf=0x6afd76c, len=8192, flags=0 | out: buf=0x6afd76c*) returned 136 [0187.506] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x304 [0187.506] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308 [0187.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e2cc | out: phkResult=0x18e2cc*=0x30c) returned 0x0 [0187.520] RegQueryValueExW (in: hKey=0x30c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18e2ec, lpData=0x0, lpcbData=0x18e2e8*=0x0 | out: lpType=0x18e2ec*=0x1, lpData=0x0, lpcbData=0x18e2e8*=0xe) returned 0x0 [0187.520] RegQueryValueExW (in: hKey=0x30c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18e2ec, lpData=0x6c3dd18, lpcbData=0x18e2e8*=0xe | out: lpType=0x18e2ec*=0x1, lpData="Client", lpcbData=0x18e2e8*=0xe) returned 0x0 [0187.521] RegCloseKey (hKey=0x30c) returned 0x0 [0187.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f0b0 | out: phkResult=0x18f0b0*=0x30c) returned 0x0 [0187.537] RegQueryValueExW (in: hKey=0x30c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x18f0cc, lpData=0x0, lpcbData=0x18f0c8*=0x0 | out: lpType=0x18f0cc*=0x4, lpData=0x0, lpcbData=0x18f0c8*=0x4) returned 0x0 [0187.538] RegQueryValueExW (in: hKey=0x30c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x18f0cc, lpData=0x18f0b8, lpcbData=0x18f0c8*=0x4 | out: lpType=0x18f0cc*=0x4, lpData=0x18f0b8*=0x1, lpcbData=0x18f0c8*=0x4) returned 0x0 [0187.538] RegQueryValueExW (in: hKey=0x30c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x18f104, lpData=0x0, lpcbData=0x18f100*=0x0 | out: lpType=0x18f104*=0x4, lpData=0x0, lpcbData=0x18f100*=0x4) returned 0x0 [0187.538] RegCloseKey (hKey=0x30c) returned 0x0 [0187.545] GetCurrentProcessId () returned 0x234 [0187.547] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x234) returned 0x30c [0187.560] EnumProcessModules (in: hProcess=0x30c, lphModule=0x6c3ecf4, cb=0x100, lpcbNeeded=0x18f0b8 | out: lphModule=0x6c3ecf4, lpcbNeeded=0x18f0b8) returned 1 [0187.561] EnumProcessModules (in: hProcess=0x30c, lphModule=0x6c3ee00, cb=0x200, lpcbNeeded=0x18f0b8 | out: lphModule=0x6c3ee00, lpcbNeeded=0x18f0b8) returned 1 [0187.563] GetModuleInformation (in: hProcess=0x30c, hModule=0x400000, lpmodinfo=0x6c3f040, cb=0xc | out: lpmodinfo=0x6c3f040*(lpBaseOfDll=0x400000, SizeOfImage=0x30000, EntryPoint=0x0)) returned 1 [0187.564] CoTaskMemAlloc (cb=0x804) returned 0xe2fcb40 [0187.564] GetModuleBaseNameW (in: hProcess=0x30c, hModule=0x400000, lpBaseName=0xe2fcb40, nSize=0x800 | out: lpBaseName="vbc.exe") returned 0x7 [0187.564] CoTaskMemFree (pv=0xe2fcb40) [0187.565] CoTaskMemAlloc (cb=0x804) returned 0xe2fcb40 [0187.565] GetModuleFileNameExW (in: hProcess=0x30c, hModule=0x400000, lpFilename=0xe2fcb40, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe")) returned 0x35 [0187.565] CoTaskMemFree (pv=0xe2fcb40) [0187.565] CloseHandle (hObject=0x30c) returned 1 [0187.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", nBufferLength=0x105, lpBuffer=0x18ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", lpFilePart=0x0) returned 0x35 [0187.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f0b0 | out: phkResult=0x18f0b0*=0x0) returned 0x2 [0187.581] GetCurrentProcessId () returned 0x234 [0187.581] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x234) returned 0x30c [0187.581] EnumProcessModules (in: hProcess=0x30c, lphModule=0x6c41b88, cb=0x100, lpcbNeeded=0x18f0c0 | out: lphModule=0x6c41b88, lpcbNeeded=0x18f0c0) returned 1 [0187.583] EnumProcessModules (in: hProcess=0x30c, lphModule=0x6c41c94, cb=0x200, lpcbNeeded=0x18f0c0 | out: lphModule=0x6c41c94, lpcbNeeded=0x18f0c0) returned 1 [0187.584] GetModuleInformation (in: hProcess=0x30c, hModule=0x400000, lpmodinfo=0x6c41ed4, cb=0xc | out: lpmodinfo=0x6c41ed4*(lpBaseOfDll=0x400000, SizeOfImage=0x30000, EntryPoint=0x0)) returned 1 [0187.584] CoTaskMemAlloc (cb=0x804) returned 0xe2fcb40 [0187.584] GetModuleBaseNameW (in: hProcess=0x30c, hModule=0x400000, lpBaseName=0xe2fcb40, nSize=0x800 | out: lpBaseName="vbc.exe") returned 0x7 [0187.585] CoTaskMemFree (pv=0xe2fcb40) [0187.585] CoTaskMemAlloc (cb=0x804) returned 0xe2fcb40 [0187.585] GetModuleFileNameExW (in: hProcess=0x30c, hModule=0x400000, lpFilename=0xe2fcb40, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\vbc.exe")) returned 0x35 [0187.585] CoTaskMemFree (pv=0xe2fcb40) [0187.585] CloseHandle (hObject=0x30c) returned 1 [0187.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", nBufferLength=0x105, lpBuffer=0x18ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", lpFilePart=0x0) returned 0x35 [0187.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f0b8 | out: phkResult=0x18f0b8*=0x0) returned 0x2 [0187.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f0b8 | out: phkResult=0x18f0b8*=0x30c) returned 0x0 [0187.586] RegQueryValueExW (in: hKey=0x30c, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x18f0d4, lpData=0x0, lpcbData=0x18f0d0*=0x0 | out: lpType=0x18f0d4*=0x0, lpData=0x0, lpcbData=0x18f0d0*=0x0) returned 0x2 [0187.586] RegCloseKey (hKey=0x30c) returned 0x0 [0187.743] CoGetContextToken (in: pToken=0x18fd40 | out: pToken=0x18fd40) returned 0x0 [0187.743] IUnknown:QueryInterface (in: This=0xb71a30, riid=0x6f1738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fd64 | out: ppvObject=0x18fd64*=0xb71a3c) returned 0x0 [0187.743] IComThreadingInfo:GetCurrentThreadType (in: This=0xb71a3c, pThreadType=0x18fdc4 | out: pThreadType=0x18fdc4*=0) returned 0x0 [0187.743] IUnknown:Release (This=0xb71a3c) returned 0x1 [0187.745] CoGetContextToken (in: pToken=0x18fa5c | out: pToken=0x18fa5c) returned 0x0 [0187.745] IUnknown:QueryInterface (in: This=0xb71a30, riid=0x6f1738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa80 | out: ppvObject=0x18fa80*=0xb71a3c) returned 0x0 [0187.745] IComThreadingInfo:GetCurrentThreadType (in: This=0xb71a3c, pThreadType=0x18faac | out: pThreadType=0x18faac*=0) returned 0x0 [0187.745] IUnknown:Release (This=0xb71a3c) returned 0x1 [0187.750] CoGetContextToken (in: pToken=0x18fa5c | out: pToken=0x18fa5c) returned 0x0 [0187.750] IUnknown:QueryInterface (in: This=0xb71a30, riid=0x6f1738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa80 | out: ppvObject=0x18fa80*=0xb71a3c) returned 0x0 [0187.751] IComThreadingInfo:GetCurrentThreadType (in: This=0xb71a3c, pThreadType=0x18faac | out: pThreadType=0x18faac*=0) returned 0x0 [0187.751] IUnknown:Release (This=0xb71a3c) returned 0x1 [0187.858] CoGetContextToken (in: pToken=0x18fa5c | out: pToken=0x18fa5c) returned 0x0 [0187.858] IUnknown:QueryInterface (in: This=0xb71a30, riid=0x6f1738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa80 | out: ppvObject=0x18fa80*=0xb71a3c) returned 0x0 [0187.858] IComThreadingInfo:GetCurrentThreadType (in: This=0xb71a3c, pThreadType=0x18faac | out: pThreadType=0x18faac*=0) returned 0x0 [0187.858] IUnknown:Release (This=0xb71a3c) returned 0x1 [0187.908] CoGetContextToken (in: pToken=0x18fa74 | out: pToken=0x18fa74) returned 0x0 [0187.908] IUnknown:QueryInterface (in: This=0xb71a30, riid=0x6f1738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa98 | out: ppvObject=0x18fa98*=0xb71a3c) returned 0x0 [0187.908] IComThreadingInfo:GetCurrentThreadType (in: This=0xb71a3c, pThreadType=0x18fac4 | out: pThreadType=0x18fac4*=0) returned 0x0 [0187.908] IUnknown:Release (This=0xb71a3c) returned 0x1 [0187.974] CoUninitialize () Thread: id = 7 os_tid = 0x228 Thread: id = 8 os_tid = 0x10d4 Thread: id = 9 os_tid = 0xbc0 [0095.095] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0095.095] RoInitialize () returned 0x1 [0095.095] RoUninitialize () returned 0x0 [0175.255] CoGetContextToken (in: pToken=0xf2f5c0 | out: pToken=0xf2f5c0) returned 0x0 [0175.255] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.255] WbemLocator:IUnknown:Release (This=0xc20fa0) returned 0x1 [0175.255] WbemLocator:IUnknown:Release (This=0xc20fa0) returned 0x0 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] IUnknown:Release (This=0xb5f770) returned 0x2 [0175.256] IUnknown:Release (This=0xb5f770) returned 0x1 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] WbemLocator:IUnknown:Release (This=0xc20fd0) returned 0x1 [0175.256] WbemLocator:IUnknown:Release (This=0xc20fd0) returned 0x0 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] IUnknown:Release (This=0xe2f4e38) returned 0x2 [0175.256] IUnknown:Release (This=0xe2f4e38) returned 0x1 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] IUnknown:Release (This=0xc17130) returned 0x2 [0175.256] IUnknown:Release (This=0xc17130) returned 0x1 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] IUnknown:Release (This=0xe304290) returned 0x2 [0175.256] IUnknown:Release (This=0xe304290) returned 0x1 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] IUnknown:Release (This=0xb7f788) returned 0x2 [0175.256] IUnknown:Release (This=0xb7f788) returned 0x1 [0175.256] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.256] IUnknown:Release (This=0xc16e18) returned 0x2 [0175.256] IUnknown:Release (This=0xc16e18) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xb801b8) returned 0x2 [0175.257] IUnknown:Release (This=0xb801b8) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xb80350) returned 0x2 [0175.257] IUnknown:Release (This=0xb80350) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xb804e8) returned 0x2 [0175.257] IUnknown:Release (This=0xb804e8) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xb7fbd0) returned 0x2 [0175.257] IUnknown:Release (This=0xb7fbd0) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xe301ff0) returned 0x2 [0175.257] IUnknown:Release (This=0xe301ff0) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xe3010d0) returned 0x2 [0175.257] IUnknown:Release (This=0xe3010d0) returned 0x1 [0175.257] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.257] IUnknown:Release (This=0xe3075b0) returned 0x2 [0175.257] IUnknown:Release (This=0xe3075b0) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xe307a10) returned 0x2 [0175.258] IUnknown:Release (This=0xe307a10) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xe307ba8) returned 0x2 [0175.258] IUnknown:Release (This=0xe307ba8) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xc225e0) returned 0x2 [0175.258] IUnknown:Release (This=0xc225e0) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xbfc680) returned 0x2 [0175.258] IUnknown:Release (This=0xbfc680) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xbfc818) returned 0x2 [0175.258] IUnknown:Release (This=0xbfc818) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xbfcb48) returned 0x2 [0175.258] IUnknown:Release (This=0xbfcb48) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.258] IUnknown:Release (This=0xbfc350) returned 0x2 [0175.258] IUnknown:Release (This=0xbfc350) returned 0x1 [0175.258] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xbfc4e8) returned 0x2 [0175.259] IUnknown:Release (This=0xbfc4e8) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xe30c208) returned 0x2 [0175.259] IUnknown:Release (This=0xe30c208) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xe30ca00) returned 0x2 [0175.259] IUnknown:Release (This=0xe30ca00) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xe30d390) returned 0x2 [0175.259] IUnknown:Release (This=0xe30d390) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xe30c6d0) returned 0x2 [0175.259] IUnknown:Release (This=0xe30c6d0) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xe30bed8) returned 0x2 [0175.259] IUnknown:Release (This=0xe30bed8) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.259] IUnknown:Release (This=0xe30d528) returned 0x2 [0175.259] IUnknown:Release (This=0xe30d528) returned 0x1 [0175.259] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30c868) returned 0x2 [0175.260] IUnknown:Release (This=0xe30c868) returned 0x1 [0175.260] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30d858) returned 0x2 [0175.260] IUnknown:Release (This=0xe30d858) returned 0x1 [0175.260] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30cb98) returned 0x2 [0175.260] IUnknown:Release (This=0xe30cb98) returned 0x1 [0175.260] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30c3a0) returned 0x2 [0175.260] IUnknown:Release (This=0xe30c3a0) returned 0x1 [0175.260] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30d6c0) returned 0x2 [0175.260] IUnknown:Release (This=0xe30d6c0) returned 0x1 [0175.260] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30c538) returned 0x2 [0175.260] IUnknown:Release (This=0xe30c538) returned 0x1 [0175.260] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.260] IUnknown:Release (This=0xe30c070) returned 0x2 [0175.260] IUnknown:Release (This=0xe30c070) returned 0x1 [0175.261] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.261] IUnknown:Release (This=0xe30cd30) returned 0x2 [0175.261] IUnknown:Release (This=0xe30cd30) returned 0x1 [0175.261] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.261] IUnknown:Release (This=0xe30d9f0) returned 0x2 [0175.261] IUnknown:Release (This=0xe30d9f0) returned 0x1 [0175.261] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.261] IUnknown:Release (This=0xe30d060) returned 0x2 [0175.261] IUnknown:Release (This=0xe30d060) returned 0x1 [0175.261] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.261] IUnknown:Release (This=0xe30d1f8) returned 0x2 [0175.261] IUnknown:Release (This=0xe30d1f8) returned 0x1 [0175.261] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.261] IUnknown:Release (This=0xe30cec8) returned 0x2 [0175.261] IUnknown:Release (This=0xe30cec8) returned 0x1 [0175.261] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.261] IUnknown:Release (This=0xe30db88) returned 0x2 [0175.261] IUnknown:Release (This=0xe30db88) returned 0x1 [0175.262] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.262] IUnknown:Release (This=0xe30dd20) returned 0x2 [0175.262] IUnknown:Release (This=0xe30dd20) returned 0x1 [0175.262] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.262] IUnknown:Release (This=0xe31ca68) returned 0x2 [0175.262] IUnknown:Release (This=0xe31ca68) returned 0x1 [0175.262] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.262] IUnknown:Release (This=0xe31d0c8) returned 0x2 [0175.262] IUnknown:Release (This=0xe31d0c8) returned 0x1 [0175.262] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.262] IUnknown:Release (This=0xe31c738) returned 0x2 [0175.262] IUnknown:Release (This=0xe31c738) returned 0x1 [0175.262] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.262] IUnknown:Release (This=0xe31dbf0) returned 0x2 [0175.262] IUnknown:Release (This=0xe31dbf0) returned 0x1 [0175.262] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.262] IUnknown:Release (This=0xe31df20) returned 0x2 [0175.263] IUnknown:Release (This=0xe31df20) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31d728) returned 0x2 [0175.263] IUnknown:Release (This=0xe31d728) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31dd88) returned 0x2 [0175.263] IUnknown:Release (This=0xe31dd88) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31da58) returned 0x2 [0175.263] IUnknown:Release (This=0xe31da58) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31e0b8) returned 0x2 [0175.263] IUnknown:Release (This=0xe31e0b8) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31d260) returned 0x2 [0175.263] IUnknown:Release (This=0xe31d260) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31c8d0) returned 0x2 [0175.263] IUnknown:Release (This=0xe31c8d0) returned 0x1 [0175.263] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.263] IUnknown:Release (This=0xe31e250) returned 0x2 [0175.264] IUnknown:Release (This=0xe31e250) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31d3f8) returned 0x2 [0175.264] IUnknown:Release (This=0xe31d3f8) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31d590) returned 0x2 [0175.264] IUnknown:Release (This=0xe31d590) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31cd98) returned 0x2 [0175.264] IUnknown:Release (This=0xe31cd98) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31d8c0) returned 0x2 [0175.264] IUnknown:Release (This=0xe31d8c0) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31e3e8) returned 0x2 [0175.264] IUnknown:Release (This=0xe31e3e8) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31cc00) returned 0x2 [0175.264] IUnknown:Release (This=0xe31cc00) returned 0x1 [0175.264] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.264] IUnknown:Release (This=0xe31cf30) returned 0x2 [0175.265] IUnknown:Release (This=0xe31cf30) returned 0x1 [0175.265] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.265] IUnknown:Release (This=0xe31e580) returned 0x2 [0175.265] IUnknown:Release (This=0xe31e580) returned 0x1 [0175.265] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.265] IUnknown:Release (This=0xe328520) returned 0x2 [0175.265] IUnknown:Release (This=0xe328520) returned 0x1 [0175.265] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.265] IUnknown:Release (This=0xe3279f8) returned 0x2 [0175.265] IUnknown:Release (This=0xe3279f8) returned 0x1 [0175.265] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.265] IUnknown:Release (This=0xe326870) returned 0x2 [0175.265] IUnknown:Release (This=0xe326870) returned 0x1 [0175.265] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.265] IUnknown:Release (This=0xe328058) returned 0x2 [0175.265] IUnknown:Release (This=0xe328058) returned 0x1 [0175.265] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.266] IUnknown:Release (This=0xe3276c8) returned 0x2 [0175.266] IUnknown:Release (This=0xe3276c8) returned 0x1 [0175.266] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe3281f0) returned 0x2 [0175.267] IUnknown:Release (This=0xe3281f0) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe326a08) returned 0x2 [0175.267] IUnknown:Release (This=0xe326a08) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe327d28) returned 0x2 [0175.267] IUnknown:Release (This=0xe327d28) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe328388) returned 0x2 [0175.267] IUnknown:Release (This=0xe328388) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe327398) returned 0x2 [0175.267] IUnknown:Release (This=0xe327398) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe3286b8) returned 0x2 [0175.267] IUnknown:Release (This=0xe3286b8) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe326ba0) returned 0x2 [0175.267] IUnknown:Release (This=0xe326ba0) returned 0x1 [0175.267] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.267] IUnknown:Release (This=0xe327530) returned 0x2 [0175.268] IUnknown:Release (This=0xe327530) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe326d38) returned 0x2 [0175.268] IUnknown:Release (This=0xe326d38) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe326ed0) returned 0x2 [0175.268] IUnknown:Release (This=0xe326ed0) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe327ec0) returned 0x2 [0175.268] IUnknown:Release (This=0xe327ec0) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe327068) returned 0x2 [0175.268] IUnknown:Release (This=0xe327068) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe327b90) returned 0x2 [0175.268] IUnknown:Release (This=0xe327b90) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe327860) returned 0x2 [0175.268] IUnknown:Release (This=0xe327860) returned 0x1 [0175.268] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.268] IUnknown:Release (This=0xe327200) returned 0x2 [0175.268] IUnknown:Release (This=0xe327200) returned 0x1 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] IUnknown:Release (This=0xe334620) returned 0x2 [0175.269] IUnknown:Release (This=0xe334620) returned 0x1 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] IUnknown:Release (This=0xe333498) returned 0x2 [0175.269] IUnknown:Release (This=0xe333498) returned 0x1 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] WbemLocator:IUnknown:Release (This=0xc163f8) returned 0x1 [0175.269] WbemLocator:IUnknown:Release (This=0xc163f8) returned 0x0 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] IUnknown:Release (This=0xe3337c8) returned 0x2 [0175.269] IUnknown:Release (This=0xe3337c8) returned 0x1 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x1 [0175.269] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x0 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] IUnknown:Release (This=0xe333300) returned 0x2 [0175.269] IUnknown:Release (This=0xe333300) returned 0x1 [0175.269] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.269] WbemLocator:IUnknown:Release (This=0xc16578) returned 0x1 [0175.269] WbemLocator:IUnknown:Release (This=0xc16578) returned 0x0 [0175.270] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0175.270] IUnknown:Release (This=0xe333e28) returned 0x2 [0175.270] IUnknown:Release (This=0xe333e28) returned 0x1 [0175.270] IUnknown:Release (This=0xe327d28) returned 0x0 [0175.270] IUnknown:Release (This=0xe326a08) returned 0x0 [0175.270] IUnknown:Release (This=0xe3281f0) returned 0x0 [0175.271] IUnknown:Release (This=0xe3276c8) returned 0x0 [0175.271] IUnknown:Release (This=0xe328058) returned 0x0 [0175.271] IUnknown:Release (This=0xe326870) returned 0x0 [0175.271] IUnknown:Release (This=0xe3279f8) returned 0x0 [0175.272] IUnknown:Release (This=0xe328520) returned 0x0 [0175.272] IUnknown:Release (This=0xe31e580) returned 0x0 [0175.272] IUnknown:Release (This=0xe31cf30) returned 0x0 [0175.272] IUnknown:Release (This=0xe31cc00) returned 0x0 [0175.272] IUnknown:Release (This=0xe31e3e8) returned 0x0 [0175.273] IUnknown:Release (This=0xe31d8c0) returned 0x0 [0175.273] IUnknown:Release (This=0xe31cd98) returned 0x0 [0175.273] IUnknown:Release (This=0xe31d590) returned 0x0 [0175.273] IUnknown:Release (This=0xe31d3f8) returned 0x0 [0175.274] IUnknown:Release (This=0xe31e250) returned 0x0 [0175.274] IUnknown:Release (This=0xe31c8d0) returned 0x0 [0175.274] IUnknown:Release (This=0xe31d260) returned 0x0 [0175.274] IUnknown:Release (This=0xe31e0b8) returned 0x0 [0175.274] IUnknown:Release (This=0xe31da58) returned 0x0 [0175.275] IUnknown:Release (This=0xe31dd88) returned 0x0 [0175.275] IUnknown:Release (This=0xe31d728) returned 0x0 [0175.275] IUnknown:Release (This=0xe31df20) returned 0x0 [0175.275] IUnknown:Release (This=0xe31dbf0) returned 0x0 [0175.276] IUnknown:Release (This=0xe31c738) returned 0x0 [0175.276] IUnknown:Release (This=0xe31d0c8) returned 0x0 [0175.276] IUnknown:Release (This=0xe31ca68) returned 0x0 [0175.276] IUnknown:Release (This=0xe30dd20) returned 0x0 [0175.276] IUnknown:Release (This=0xe30db88) returned 0x0 [0175.277] IUnknown:Release (This=0xe30cec8) returned 0x0 [0175.277] IUnknown:Release (This=0xe30d1f8) returned 0x0 [0175.277] IUnknown:Release (This=0xe30d060) returned 0x0 [0175.277] IUnknown:Release (This=0xe30d9f0) returned 0x0 [0175.278] IUnknown:Release (This=0xe30cd30) returned 0x0 [0175.278] IUnknown:Release (This=0xe30c070) returned 0x0 [0175.278] IUnknown:Release (This=0xe30c538) returned 0x0 [0175.278] IUnknown:Release (This=0xe30d6c0) returned 0x0 [0175.278] IUnknown:Release (This=0xe30c3a0) returned 0x0 [0175.279] IUnknown:Release (This=0xe30cb98) returned 0x0 [0175.279] IUnknown:Release (This=0xe30d858) returned 0x0 [0175.279] IUnknown:Release (This=0xe30c868) returned 0x0 [0175.279] IUnknown:Release (This=0xe30d528) returned 0x0 [0175.280] IUnknown:Release (This=0xe30bed8) returned 0x0 [0175.280] IUnknown:Release (This=0xe30c6d0) returned 0x0 [0175.280] IUnknown:Release (This=0xe30d390) returned 0x0 [0175.280] IUnknown:Release (This=0xe30ca00) returned 0x0 [0175.280] IUnknown:Release (This=0xe30c208) returned 0x0 [0175.281] IUnknown:Release (This=0xbfc4e8) returned 0x0 [0175.281] IUnknown:Release (This=0xbfc350) returned 0x0 [0175.281] IUnknown:Release (This=0xbfcb48) returned 0x0 [0175.281] IUnknown:Release (This=0xbfc818) returned 0x0 [0175.282] IUnknown:Release (This=0xbfc680) returned 0x0 [0175.282] IUnknown:Release (This=0xc225e0) returned 0x0 [0175.282] IUnknown:Release (This=0xe307ba8) returned 0x0 [0175.282] IUnknown:Release (This=0xe307a10) returned 0x0 [0175.283] IUnknown:Release (This=0xe3075b0) returned 0x0 [0175.283] IUnknown:Release (This=0xe3010d0) returned 0x0 [0175.283] IUnknown:Release (This=0xe301ff0) returned 0x0 [0175.283] IUnknown:Release (This=0xb7fbd0) returned 0x0 [0175.283] IUnknown:Release (This=0xb804e8) returned 0x0 [0175.284] IUnknown:Release (This=0xb80350) returned 0x0 [0175.284] IUnknown:Release (This=0xb801b8) returned 0x0 [0175.284] IUnknown:Release (This=0xc16e18) returned 0x0 [0175.284] IUnknown:Release (This=0xb7f788) returned 0x0 [0175.285] IUnknown:Release (This=0xe304290) returned 0x0 [0175.285] IUnknown:Release (This=0xc17130) returned 0x0 [0175.285] IUnknown:Release (This=0xe2f4e38) returned 0x0 [0175.285] IUnknown:Release (This=0xe3337c8) returned 0x0 [0175.286] IUnknown:Release (This=0xe333300) returned 0x0 [0175.287] IUnknown:Release (This=0xe333e28) returned 0x0 [0175.288] IUnknown:Release (This=0xb5f770) returned 0x0 [0175.288] IUnknown:Release (This=0xe333498) returned 0x0 [0175.288] IUnknown:Release (This=0xe334620) returned 0x0 [0175.288] IUnknown:Release (This=0xe327200) returned 0x0 [0175.288] IUnknown:Release (This=0xe327860) returned 0x0 [0175.289] IUnknown:Release (This=0xe327b90) returned 0x0 [0175.289] IUnknown:Release (This=0xe327068) returned 0x0 [0175.289] IUnknown:Release (This=0xe327ec0) returned 0x0 [0175.289] IUnknown:Release (This=0xe326ed0) returned 0x0 [0175.290] IUnknown:Release (This=0xe326d38) returned 0x0 [0175.290] IUnknown:Release (This=0xe327530) returned 0x0 [0175.290] IUnknown:Release (This=0xe326ba0) returned 0x0 [0175.290] IUnknown:Release (This=0xe3286b8) returned 0x0 [0175.291] IUnknown:Release (This=0xe327398) returned 0x0 [0175.291] IUnknown:Release (This=0xe328388) returned 0x0 [0175.293] CloseHandle (hObject=0x310) returned 1 [0175.293] RegCloseKey (hKey=0x3f4) returned 0x0 [0175.293] CloseHandle (hObject=0x30c) returned 1 [0175.294] CloseHandle (hObject=0x308) returned 1 [0175.294] CloseHandle (hObject=0x34c) returned 1 [0175.294] CloseHandle (hObject=0x224) returned 1 [0175.294] CloseHandle (hObject=0x304) returned 1 [0175.295] CloseHandle (hObject=0x300) returned 1 [0175.295] CloseHandle (hObject=0x228) returned 1 [0175.295] CloseHandle (hObject=0x2fc) returned 1 [0175.295] CloseHandle (hObject=0x344) returned 1 [0175.296] CloseHandle (hObject=0x31c) returned 1 [0175.296] RegCloseKey (hKey=0x3f8) returned 0x0 [0175.296] CloseHandle (hObject=0x2f4) returned 1 [0175.296] CloseHandle (hObject=0x318) returned 1 [0175.296] CloseHandle (hObject=0x340) returned 1 [0175.296] CloseHandle (hObject=0x314) returned 1 [0175.297] CloseHandle (hObject=0x350) returned 1 [0177.475] CoGetContextToken (in: pToken=0xf2f5c0 | out: pToken=0xf2f5c0) returned 0x0 [0177.475] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.475] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x1 [0177.475] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x0 [0177.475] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.475] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x1 [0177.475] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x0 [0177.476] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x1 [0177.476] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306a10) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306a10) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306230) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306230) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306930) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306930) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306b60) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xe306b60) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xe3068c0) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xe3068c0) returned 0x0 [0177.477] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.477] WbemDefPath:IUnknown:Release (This=0xe3064d0) returned 0x1 [0177.477] WbemDefPath:IUnknown:Release (This=0xe3064d0) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3061c0) returned 0x1 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3061c0) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3062a0) returned 0x1 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3062a0) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3069a0) returned 0x1 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3069a0) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3063f0) returned 0x1 [0177.478] WbemDefPath:IUnknown:Release (This=0xe3063f0) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe306a80) returned 0x1 [0177.478] WbemDefPath:IUnknown:Release (This=0xe306a80) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe306310) returned 0x1 [0177.478] WbemDefPath:IUnknown:Release (This=0xe306310) returned 0x0 [0177.478] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.478] WbemDefPath:IUnknown:Release (This=0xe306000) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306000) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306540) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306540) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306c40) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306c40) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306af0) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306af0) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306bd0) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306bd0) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe3067e0) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe3067e0) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306380) returned 0x1 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306380) returned 0x0 [0177.479] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.479] WbemDefPath:IUnknown:Release (This=0xe306460) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306460) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306cb0) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306cb0) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306770) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306770) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe305f20) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe305f20) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe305f90) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe305f90) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe3065b0) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe3065b0) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306150) returned 0x1 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306150) returned 0x0 [0177.480] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.480] WbemDefPath:IUnknown:Release (This=0xe306070) returned 0x1 [0177.481] WbemDefPath:IUnknown:Release (This=0xe306070) returned 0x0 [0177.481] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.481] WbemDefPath:IUnknown:Release (This=0xe3060e0) returned 0x1 [0177.481] WbemDefPath:IUnknown:Release (This=0xe3060e0) returned 0x0 [0177.481] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.481] WbemDefPath:IUnknown:Release (This=0xe306620) returned 0x1 [0177.481] WbemDefPath:IUnknown:Release (This=0xe306620) returned 0x0 [0177.481] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.481] WbemDefPath:IUnknown:Release (This=0xe306690) returned 0x1 [0177.481] WbemDefPath:IUnknown:Release (This=0xe306690) returned 0x0 [0177.481] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306700) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306700) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306850) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306850) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306e00) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306e00) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306e70) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306e70) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306d90) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306d90) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306d20) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe306d20) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.482] WbemDefPath:IUnknown:Release (This=0xe322ea8) returned 0x1 [0177.482] WbemDefPath:IUnknown:Release (This=0xe322ea8) returned 0x0 [0177.482] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322c08) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322c08) returned 0x0 [0177.483] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322d58) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322d58) returned 0x0 [0177.483] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322578) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322578) returned 0x0 [0177.483] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe3227a8) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe3227a8) returned 0x0 [0177.483] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322498) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322498) returned 0x0 [0177.483] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322658) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322658) returned 0x0 [0177.483] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322428) returned 0x1 [0177.483] WbemDefPath:IUnknown:Release (This=0xe322428) returned 0x0 [0177.484] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.484] WbemDefPath:IUnknown:Release (This=0xe322508) returned 0x1 [0177.484] WbemDefPath:IUnknown:Release (This=0xe322508) returned 0x0 [0177.484] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.484] WbemDefPath:IUnknown:Release (This=0xe322a48) returned 0x1 [0177.484] WbemDefPath:IUnknown:Release (This=0xe322a48) returned 0x0 [0177.484] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322968) returned 0x1 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322968) returned 0x0 [0177.485] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322dc8) returned 0x1 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322dc8) returned 0x0 [0177.485] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322738) returned 0x1 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322738) returned 0x0 [0177.485] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322f18) returned 0x1 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322f18) returned 0x0 [0177.485] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322e38) returned 0x1 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322e38) returned 0x0 [0177.485] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322f88) returned 0x1 [0177.485] WbemDefPath:IUnknown:Release (This=0xe322f88) returned 0x0 [0177.485] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.485] WbemDefPath:IUnknown:Release (This=0xe323068) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe323068) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.486] WbemDefPath:IUnknown:Release (This=0xe322ff8) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe322ff8) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.486] WbemDefPath:IUnknown:Release (This=0xe3225e8) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe3225e8) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.486] WbemDefPath:IUnknown:Release (This=0xe3230d8) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe3230d8) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.486] WbemDefPath:IUnknown:Release (This=0xe3229d8) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe3229d8) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.486] WbemDefPath:IUnknown:Release (This=0xe323148) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe323148) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.486] WbemDefPath:IUnknown:Release (This=0xe322818) returned 0x1 [0177.486] WbemDefPath:IUnknown:Release (This=0xe322818) returned 0x0 [0177.486] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322888) returned 0x1 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322888) returned 0x0 [0177.487] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe3226c8) returned 0x1 [0177.487] WbemDefPath:IUnknown:Release (This=0xe3226c8) returned 0x0 [0177.487] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe3223b8) returned 0x1 [0177.487] WbemDefPath:IUnknown:Release (This=0xe3223b8) returned 0x0 [0177.487] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe3228f8) returned 0x1 [0177.487] WbemDefPath:IUnknown:Release (This=0xe3228f8) returned 0x0 [0177.487] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322ab8) returned 0x1 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322ab8) returned 0x0 [0177.487] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322b28) returned 0x1 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322b28) returned 0x0 [0177.487] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.487] WbemDefPath:IUnknown:Release (This=0xe322b98) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe322b98) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.488] WbemDefPath:IUnknown:Release (This=0xe322c78) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe322c78) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.488] WbemDefPath:IUnknown:Release (This=0xe322ce8) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe322ce8) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.488] WbemDefPath:IUnknown:Release (This=0xe323228) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe323228) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.488] WbemDefPath:IUnknown:Release (This=0xe323308) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe323308) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.488] WbemDefPath:IUnknown:Release (This=0xe3231b8) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe3231b8) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.488] WbemDefPath:IUnknown:Release (This=0xe323298) returned 0x1 [0177.488] WbemDefPath:IUnknown:Release (This=0xe323298) returned 0x0 [0177.488] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335878) returned 0x1 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335878) returned 0x0 [0177.489] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335b18) returned 0x1 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335b18) returned 0x0 [0177.489] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335108) returned 0x1 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335108) returned 0x0 [0177.489] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335028) returned 0x1 [0177.489] WbemDefPath:IUnknown:Release (This=0xe335028) returned 0x0 [0177.489] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.489] WbemDefPath:IUnknown:Release (This=0xe3358e8) returned 0x1 [0177.489] WbemDefPath:IUnknown:Release (This=0xe3358e8) returned 0x0 [0177.490] CoGetContextToken (in: pToken=0xf2f5c0 | out: pToken=0xf2f5c0) returned 0x0 [0177.490] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.490] WbemLocator:IUnknown:Release (This=0xbbdf00) returned 0x1 [0177.490] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x0 [0177.491] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.491] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x1 [0177.491] WbemLocator:IUnknown:Release (This=0xc16318) returned 0x0 [0177.491] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.491] WbemLocator:IUnknown:Release (This=0xbbe800) returned 0x1 [0177.491] WbemLocator:IUnknown:Release (This=0xe330130) returned 0x0 [0177.492] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.492] WbemLocator:IUnknown:Release (This=0xbbec00) returned 0x1 [0177.492] WbemLocator:IUnknown:Release (This=0xe330040) returned 0x0 [0177.492] CoGetContextToken (in: pToken=0xf2f540 | out: pToken=0xf2f540) returned 0x0 [0177.492] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x1 [0177.492] WbemLocator:IUnknown:Release (This=0xe32ff50) returned 0x0 [0177.493] IUnknown:Release (This=0xb71a30) returned 0x0 [0177.493] GdipDisposeImage (image=0xd91f08) returned 0x0 [0187.751] FreeLibrary (hLibModule=0x6a7d0000) returned 1 [0187.771] FreeLibrary (hLibModule=0x6a700000) returned 1 [0187.778] ??3@YAXPAX@Z () returned 0x1 [0187.784] LocalFree (hMem=0xb76b60) returned 0x0 [0187.784] EtwEventUnregister (RegHandle=0xb97910) returned 0x0 [0187.800] IUnknown:Release (This=0xe3012a8) returned 0x2 [0187.801] IUnknown:Release (This=0xe334828) returned 0x2 [0187.802] IUnknown:Release (This=0xe334030) returned 0x2 [0187.802] IUnknown:Release (This=0xe333d00) returned 0x2 [0187.803] IUnknown:Release (This=0xe3339d0) returned 0x2 [0187.803] IUnknown:Release (This=0xe3344f8) returned 0x2 [0187.804] IUnknown:Release (This=0xe333838) returned 0x2 [0187.804] IUnknown:Release (This=0xe3349c0) returned 0x2 [0187.805] IUnknown:Release (This=0xe334e88) returned 0x2 [0187.805] IUnknown:Release (This=0xe333508) returned 0x2 [0187.806] IUnknown:Release (This=0xe334690) returned 0x2 [0187.806] IUnknown:Release (This=0xe334cf0) returned 0x2 [0187.807] IUnknown:Release (This=0xe3351b8) returned 0x2 [0187.807] IUnknown:Release (This=0xe333370) returned 0x2 [0187.808] IUnknown:Release (This=0xe335020) returned 0x2 [0187.808] IUnknown:Release (This=0xe334b58) returned 0x2 [0187.808] IUnknown:Release (This=0xe333b68) returned 0x2 [0187.809] IUnknown:Release (This=0xe3336a0) returned 0x2 [0187.809] IUnknown:Release (This=0xe333e98) returned 0x2 [0187.810] IUnknown:Release (This=0xe334360) returned 0x2 [0187.810] IUnknown:Release (This=0xe30a530) returned 0x2 [0187.811] IUnknown:Release (This=0xe30a068) returned 0x2 [0187.811] IUnknown:Release (This=0xe30bd18) returned 0x2 [0187.812] IUnknown:Release (This=0xe30bb80) returned 0x2 [0187.812] IUnknown:Release (This=0xe30b9e8) returned 0x2 [0187.812] IUnknown:Release (This=0xe30a860) returned 0x2 [0187.813] IUnknown:Release (This=0xe309ed0) returned 0x2 [0187.813] IUnknown:Release (This=0xe30b850) returned 0x2 [0187.814] IUnknown:Release (This=0xe30b6b8) returned 0x2 [0187.814] IUnknown:Release (This=0xe30a398) returned 0x2 [0187.815] IUnknown:Release (This=0xe30b520) returned 0x2 [0187.815] IUnknown:Release (This=0xe30b1f0) returned 0x2 [0187.816] IUnknown:Release (This=0xe30aec0) returned 0x2 [0187.816] IUnknown:Release (This=0xe30a6c8) returned 0x2 [0187.816] IUnknown:Release (This=0xe30ad28) returned 0x2 [0187.817] IUnknown:Release (This=0xe30b058) returned 0x2 [0187.817] IUnknown:Release (This=0xe30ab90) returned 0x2 [0187.818] IUnknown:Release (This=0xe30b388) returned 0x2 [0187.818] IUnknown:Release (This=0xe30a200) returned 0x2 [0187.818] IUnknown:Release (This=0xe30a9f8) returned 0x2 [0187.819] IUnknown:Release (This=0xe31c020) returned 0x2 [0187.819] IUnknown:Release (This=0xe31cce0) returned 0x2 [0187.820] IUnknown:Release (This=0xe31be88) returned 0x2 [0187.820] IUnknown:Release (This=0xe31bcf0) returned 0x2 [0187.820] IUnknown:Release (This=0xe31c818) returned 0x2 [0187.821] IUnknown:Release (This=0xe31bb58) returned 0x2 [0187.821] IUnknown:Release (This=0xe31c680) returned 0x2 [0187.822] IUnknown:Release (This=0xe31b9c0) returned 0x2 [0187.822] IUnknown:Release (This=0xe31b828) returned 0x2 [0187.822] IUnknown:Release (This=0xe31c4e8) returned 0x2 [0187.823] IUnknown:Release (This=0xe31b030) returned 0x2 [0187.823] IUnknown:Release (This=0xe31cb48) returned 0x2 [0187.823] IUnknown:Release (This=0xe31b360) returned 0x2 [0187.824] IUnknown:Release (This=0xe31c350) returned 0x2 [0187.824] IUnknown:Release (This=0xe31ae98) returned 0x2 [0187.824] IUnknown:Release (This=0xe31b4f8) returned 0x2 [0187.825] IUnknown:Release (This=0xe31c1b8) returned 0x2 [0187.825] IUnknown:Release (This=0xe31b690) returned 0x2 [0187.825] IUnknown:Release (This=0xe31b1c8) returned 0x2 [0187.826] IUnknown:Release (This=0xe31c9b0) returned 0x2 [0187.826] IUnknown:Release (This=0xe30d858) returned 0x2 [0187.826] IUnknown:Release (This=0xe30dd20) returned 0x2 [0187.827] IUnknown:Release (This=0xe30c868) returned 0x2 [0187.827] IUnknown:Release (This=0xe30d6c0) returned 0x2 [0187.827] IUnknown:Release (This=0xe30db88) returned 0x2 [0187.828] IUnknown:Release (This=0xe30c6d0) returned 0x2 [0187.828] IUnknown:Release (This=0xe30d390) returned 0x2 [0187.828] IUnknown:Release (This=0xe30c208) returned 0x2 [0187.829] IUnknown:Release (This=0xe30c538) returned 0x2 [0187.829] IUnknown:Release (This=0xe30d9f0) returned 0x2 [0187.829] IUnknown:Release (This=0xe30d060) returned 0x2 [0187.830] IUnknown:Release (This=0xe30c3a0) returned 0x2 [0187.830] IUnknown:Release (This=0xe30c070) returned 0x2 [0187.830] IUnknown:Release (This=0xe30cd30) returned 0x2 [0187.831] IUnknown:Release (This=0xe30cec8) returned 0x2 [0187.831] IUnknown:Release (This=0xe30d1f8) returned 0x2 [0187.831] IUnknown:Release (This=0xe30cb98) returned 0x2 [0187.832] IUnknown:Release (This=0xe30bed8) returned 0x2 [0187.832] IUnknown:Release (This=0xe30ca00) returned 0x2 [0187.833] IUnknown:Release (This=0xe30d528) returned 0x2 [0187.833] IUnknown:Release (This=0xbfc680) returned 0x2 [0187.833] IUnknown:Release (This=0xbfc4e8) returned 0x2 [0187.834] IUnknown:Release (This=0xbfc350) returned 0x2 [0187.834] IUnknown:Release (This=0xbfc818) returned 0x2 [0187.838] CloseHandle (hObject=0x3f0) returned 1 [0187.839] EtwEventUnregister (RegHandle=0xb96f50) returned 0x0 [0187.844] RegCloseKey (hKey=0x300) returned 0x0 [0187.845] RegCloseKey (hKey=0x228) returned 0x0 [0187.845] RegCloseKey (hKey=0x2fc) returned 0x0 [0187.846] CloseHandle (hObject=0x308) returned 1 [0187.846] CloseHandle (hObject=0x304) returned 1 [0187.851] CloseHandle (hObject=0x404) returned 1 [0187.851] UnmapViewOfFile (lpBaseAddress=0xe180000) returned 1 [0187.853] CloseHandle (hObject=0x368) returned 1 [0187.855] setsockopt (s=0x348, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0187.855] closesocket (s=0x348) returned 0 [0187.857] RegCloseKey (hKey=0x80000004) returned 0x0 [0187.860] CoGetContextToken (in: pToken=0xf2f210 | out: pToken=0xf2f210) returned 0x0 [0187.860] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.860] WbemDefPath:IUnknown:Release (This=0xb7f9e8) returned 0x1 [0187.860] WbemDefPath:IUnknown:Release (This=0xb7f9e8) returned 0x0 [0187.860] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.860] WbemDefPath:IUnknown:Release (This=0xe324928) returned 0x1 [0187.860] WbemDefPath:IUnknown:Release (This=0xe324928) returned 0x0 [0187.861] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.861] WbemDefPath:IUnknown:Release (This=0xb80388) returned 0x1 [0187.861] WbemDefPath:IUnknown:Release (This=0xb80388) returned 0x0 [0187.861] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.861] WbemDefPath:IUnknown:Release (This=0xe324d18) returned 0x1 [0187.861] WbemDefPath:IUnknown:Release (This=0xe324d18) returned 0x0 [0187.861] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.861] WbemDefPath:IUnknown:Release (This=0xe3245a8) returned 0x1 [0187.861] WbemDefPath:IUnknown:Release (This=0xe3245a8) returned 0x0 [0187.862] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.862] WbemDefPath:IUnknown:Release (This=0xb7fb38) returned 0x1 [0187.862] WbemDefPath:IUnknown:Release (This=0xb7fb38) returned 0x0 [0187.862] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.862] WbemDefPath:IUnknown:Release (This=0xe3244c8) returned 0x1 [0187.862] WbemDefPath:IUnknown:Release (This=0xe3244c8) returned 0x0 [0187.862] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.862] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x1 [0187.862] WbemDefPath:IUnknown:Release (This=0xbc3210) returned 0x0 [0187.863] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.863] WbemDefPath:IUnknown:Release (This=0xb804d8) returned 0x1 [0187.863] WbemDefPath:IUnknown:Release (This=0xb804d8) returned 0x0 [0187.863] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.863] WbemDefPath:IUnknown:Release (This=0xe324e68) returned 0x1 [0187.863] WbemDefPath:IUnknown:Release (This=0xe324e68) returned 0x0 [0187.863] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.863] WbemDefPath:IUnknown:Release (This=0xb7fc88) returned 0x1 [0187.863] WbemDefPath:IUnknown:Release (This=0xb7fc88) returned 0x0 [0187.864] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.864] WbemDefPath:IUnknown:Release (This=0xb80628) returned 0x1 [0187.864] WbemDefPath:IUnknown:Release (This=0xb80628) returned 0x0 [0187.864] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.864] WbemDefPath:IUnknown:Release (This=0xe324fb8) returned 0x1 [0187.864] WbemDefPath:IUnknown:Release (This=0xe324fb8) returned 0x0 [0187.864] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.864] WbemDefPath:IUnknown:Release (This=0xe324bc8) returned 0x1 [0187.864] WbemDefPath:IUnknown:Release (This=0xe324bc8) returned 0x0 [0187.865] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.865] WbemDefPath:IUnknown:Release (This=0xb7fba8) returned 0x1 [0187.865] WbemDefPath:IUnknown:Release (This=0xb7fba8) returned 0x0 [0187.865] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.865] WbemDefPath:IUnknown:Release (This=0xe325258) returned 0x1 [0187.865] WbemDefPath:IUnknown:Release (This=0xe325258) returned 0x0 [0187.865] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.865] WbemDefPath:IUnknown:Release (This=0xb7fdd8) returned 0x1 [0187.865] WbemDefPath:IUnknown:Release (This=0xb7fdd8) returned 0x0 [0187.866] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.866] WbemDefPath:IUnknown:Release (This=0xe324768) returned 0x1 [0187.866] WbemDefPath:IUnknown:Release (This=0xe324768) returned 0x0 [0187.866] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.866] WbemDefPath:IUnknown:Release (This=0xe325108) returned 0x1 [0187.866] WbemDefPath:IUnknown:Release (This=0xe325108) returned 0x0 [0187.866] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.866] WbemDefPath:IUnknown:Release (This=0xb7ff28) returned 0x1 [0187.866] WbemDefPath:IUnknown:Release (This=0xb7ff28) returned 0x0 [0187.867] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.867] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x1 [0187.867] WbemDefPath:IUnknown:Release (This=0xbc2e90) returned 0x0 [0187.867] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.867] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x1 [0187.867] WbemDefPath:IUnknown:Release (This=0xbc2fe0) returned 0x0 [0187.867] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.867] WbemDefPath:IUnknown:Release (This=0xe324a08) returned 0x1 [0187.867] WbemDefPath:IUnknown:Release (This=0xe324a08) returned 0x0 [0187.868] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.868] WbemDefPath:IUnknown:Release (This=0xe3253a8) returned 0x1 [0187.868] WbemDefPath:IUnknown:Release (This=0xe3253a8) returned 0x0 [0187.868] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.868] WbemDefPath:IUnknown:Release (This=0xb7f828) returned 0x1 [0187.868] WbemDefPath:IUnknown:Release (This=0xb7f828) returned 0x0 [0187.868] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.868] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x1 [0187.868] WbemDefPath:IUnknown:Release (This=0xbc3050) returned 0x0 [0187.869] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.869] WbemDefPath:IUnknown:Release (This=0xb801c8) returned 0x1 [0187.869] WbemDefPath:IUnknown:Release (This=0xb801c8) returned 0x0 [0187.869] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.869] WbemDefPath:IUnknown:Release (This=0xe324b58) returned 0x1 [0187.869] WbemDefPath:IUnknown:Release (This=0xe324b58) returned 0x0 [0187.869] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.869] WbemDefPath:IUnknown:Release (This=0xe300830) returned 0x1 [0187.869] WbemDefPath:IUnknown:Release (This=0xe300830) returned 0x0 [0187.870] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.870] WbemDefPath:IUnknown:Release (This=0xe324998) returned 0x1 [0187.870] WbemDefPath:IUnknown:Release (This=0xe324998) returned 0x0 [0187.870] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.870] WbemDefPath:IUnknown:Release (This=0xb7f978) returned 0x1 [0187.870] WbemDefPath:IUnknown:Release (This=0xb7f978) returned 0x0 [0187.870] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.870] WbemDefPath:IUnknown:Release (This=0xe325338) returned 0x1 [0187.870] WbemDefPath:IUnknown:Release (This=0xe325338) returned 0x0 [0187.870] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.871] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x1 [0187.871] WbemDefPath:IUnknown:Release (This=0xbc30c0) returned 0x0 [0187.871] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.871] WbemDefPath:IUnknown:Release (This=0xb80318) returned 0x1 [0187.871] WbemDefPath:IUnknown:Release (This=0xb80318) returned 0x0 [0187.871] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.871] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x1 [0187.871] WbemDefPath:IUnknown:Release (This=0xbc3280) returned 0x0 [0187.871] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.871] WbemDefPath:IUnknown:Release (This=0xb7fac8) returned 0x1 [0187.871] WbemDefPath:IUnknown:Release (This=0xb7fac8) returned 0x0 [0187.872] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.872] WbemDefPath:IUnknown:Release (This=0xe324458) returned 0x1 [0187.872] WbemDefPath:IUnknown:Release (This=0xe324458) returned 0x0 [0187.872] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.872] WbemDefPath:IUnknown:Release (This=0xb80468) returned 0x1 [0187.872] WbemDefPath:IUnknown:Release (This=0xb80468) returned 0x0 [0187.872] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.872] WbemDefPath:IUnknown:Release (This=0xe324df8) returned 0x1 [0187.872] WbemDefPath:IUnknown:Release (This=0xe324df8) returned 0x0 [0187.873] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.873] WbemDefPath:IUnknown:Release (This=0xe324618) returned 0x1 [0187.873] WbemDefPath:IUnknown:Release (This=0xe324618) returned 0x0 [0187.873] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.873] WbemDefPath:IUnknown:Release (This=0xb7fc18) returned 0x1 [0187.873] WbemDefPath:IUnknown:Release (This=0xb7fc18) returned 0x0 [0187.873] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.873] WbemDefPath:IUnknown:Release (This=0xe300050) returned 0x1 [0187.873] WbemDefPath:IUnknown:Release (This=0xe300050) returned 0x0 [0187.874] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.874] WbemDefPath:IUnknown:Release (This=0xe300280) returned 0x1 [0187.874] WbemDefPath:IUnknown:Release (This=0xe300280) returned 0x0 [0187.874] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.874] WbemDefPath:IUnknown:Release (This=0xe300520) returned 0x1 [0187.874] WbemDefPath:IUnknown:Release (This=0xe300520) returned 0x0 [0187.874] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.874] WbemDefPath:IUnknown:Release (This=0xb805b8) returned 0x1 [0187.874] WbemDefPath:IUnknown:Release (This=0xb805b8) returned 0x0 [0187.875] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.875] WbemDefPath:IUnknown:Release (This=0xbc3520) returned 0x1 [0187.875] WbemDefPath:IUnknown:Release (This=0xbc3520) returned 0x0 [0187.875] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.875] WbemDefPath:IUnknown:Release (This=0xb7fd68) returned 0x1 [0187.875] WbemDefPath:IUnknown:Release (This=0xb7fd68) returned 0x0 [0187.875] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.875] WbemDefPath:IUnknown:Release (This=0xe3246f8) returned 0x1 [0187.875] WbemDefPath:IUnknown:Release (This=0xe3246f8) returned 0x0 [0187.876] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.876] WbemDefPath:IUnknown:Release (This=0xb80708) returned 0x1 [0187.876] WbemDefPath:IUnknown:Release (This=0xb80708) returned 0x0 [0187.876] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.876] WbemDefPath:IUnknown:Release (This=0xe325098) returned 0x1 [0187.876] WbemDefPath:IUnknown:Release (This=0xe325098) returned 0x0 [0187.876] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.876] WbemDefPath:IUnknown:Release (This=0xe2ffb80) returned 0x1 [0187.876] WbemDefPath:IUnknown:Release (This=0xe2ffb80) returned 0x0 [0187.876] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.877] WbemDefPath:IUnknown:Release (This=0xe324848) returned 0x1 [0187.877] WbemDefPath:IUnknown:Release (This=0xe324848) returned 0x0 [0187.877] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.877] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x1 [0187.877] WbemDefPath:IUnknown:Release (This=0xbc33d0) returned 0x0 [0187.877] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.877] WbemDefPath:IUnknown:Release (This=0xe3251e8) returned 0x1 [0187.877] WbemDefPath:IUnknown:Release (This=0xe3251e8) returned 0x0 [0187.877] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.877] WbemDefPath:IUnknown:Release (This=0xb80008) returned 0x1 [0187.878] WbemDefPath:IUnknown:Release (This=0xb80008) returned 0x0 [0187.878] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.878] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x1 [0187.878] WbemDefPath:IUnknown:Release (This=0xbc2f70) returned 0x0 [0187.878] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.878] WbemDefPath:IUnknown:Release (This=0xe300670) returned 0x1 [0187.878] WbemDefPath:IUnknown:Release (This=0xe300670) returned 0x0 [0187.878] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.878] WbemDefPath:IUnknown:Release (This=0xe3248b8) returned 0x1 [0187.878] WbemDefPath:IUnknown:Release (This=0xe3248b8) returned 0x0 [0187.879] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.879] WbemDefPath:IUnknown:Release (This=0xb7f7b8) returned 0x1 [0187.879] WbemDefPath:IUnknown:Release (This=0xb7f7b8) returned 0x0 [0187.879] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.879] WbemDefPath:IUnknown:Release (This=0xe324d88) returned 0x1 [0187.879] WbemDefPath:IUnknown:Release (This=0xe324d88) returned 0x0 [0187.879] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.879] WbemDefPath:IUnknown:Release (This=0xb80158) returned 0x1 [0187.879] WbemDefPath:IUnknown:Release (This=0xb80158) returned 0x0 [0187.880] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.880] WbemDefPath:IUnknown:Release (This=0xe324ae8) returned 0x1 [0187.880] WbemDefPath:IUnknown:Release (This=0xe324ae8) returned 0x0 [0187.880] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.880] WbemDefPath:IUnknown:Release (This=0xb7f908) returned 0x1 [0187.880] WbemDefPath:IUnknown:Release (This=0xb7f908) returned 0x0 [0187.880] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.880] WbemDefPath:IUnknown:Release (This=0xb80078) returned 0x1 [0187.880] WbemDefPath:IUnknown:Release (This=0xb80078) returned 0x0 [0187.881] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.881] WbemDefPath:IUnknown:Release (This=0xb802a8) returned 0x1 [0187.881] WbemDefPath:IUnknown:Release (This=0xb802a8) returned 0x0 [0187.881] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.881] WbemDefPath:IUnknown:Release (This=0xe324c38) returned 0x1 [0187.881] WbemDefPath:IUnknown:Release (This=0xe324c38) returned 0x0 [0187.881] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.881] WbemDefPath:IUnknown:Release (This=0xe324f48) returned 0x1 [0187.881] WbemDefPath:IUnknown:Release (This=0xe324f48) returned 0x0 [0187.881] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.882] WbemDefPath:IUnknown:Release (This=0xb7fa58) returned 0x1 [0187.882] WbemDefPath:IUnknown:Release (This=0xb7fa58) returned 0x0 [0187.882] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.882] WbemDefPath:IUnknown:Release (This=0xe3000c0) returned 0x1 [0187.882] WbemDefPath:IUnknown:Release (This=0xe3000c0) returned 0x0 [0187.883] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.883] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x1 [0187.883] WbemDefPath:IUnknown:Release (This=0xbc31a0) returned 0x0 [0187.883] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.883] WbemDefPath:IUnknown:Release (This=0xb803f8) returned 0x1 [0187.884] WbemDefPath:IUnknown:Release (This=0xb803f8) returned 0x0 [0187.884] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.884] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x1 [0187.884] WbemDefPath:IUnknown:Release (This=0xbc3360) returned 0x0 [0187.884] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.884] WbemDefPath:IUnknown:Release (This=0xe324538) returned 0x1 [0187.884] WbemDefPath:IUnknown:Release (This=0xe324538) returned 0x0 [0187.884] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.884] WbemDefPath:IUnknown:Release (This=0xb80548) returned 0x1 [0187.884] WbemDefPath:IUnknown:Release (This=0xb80548) returned 0x0 [0187.885] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.885] WbemDefPath:IUnknown:Release (This=0xe324ed8) returned 0x1 [0187.885] WbemDefPath:IUnknown:Release (This=0xe324ed8) returned 0x0 [0187.885] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.885] WbemDefPath:IUnknown:Release (This=0xb7fcf8) returned 0x1 [0187.885] WbemDefPath:IUnknown:Release (This=0xb7fcf8) returned 0x0 [0187.885] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.885] WbemDefPath:IUnknown:Release (This=0xe324688) returned 0x1 [0187.885] WbemDefPath:IUnknown:Release (This=0xe324688) returned 0x0 [0187.886] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.886] WbemDefPath:IUnknown:Release (This=0xb80698) returned 0x1 [0187.886] WbemDefPath:IUnknown:Release (This=0xb80698) returned 0x0 [0187.886] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.886] WbemDefPath:IUnknown:Release (This=0xe325028) returned 0x1 [0187.886] WbemDefPath:IUnknown:Release (This=0xe325028) returned 0x0 [0187.886] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.886] WbemDefPath:IUnknown:Release (This=0xb7fe48) returned 0x1 [0187.886] WbemDefPath:IUnknown:Release (This=0xb7fe48) returned 0x0 [0187.887] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.887] WbemDefPath:IUnknown:Release (This=0xe3247d8) returned 0x1 [0187.887] WbemDefPath:IUnknown:Release (This=0xe3247d8) returned 0x0 [0187.887] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.887] WbemDefPath:IUnknown:Release (This=0xe325178) returned 0x1 [0187.887] WbemDefPath:IUnknown:Release (This=0xe325178) returned 0x0 [0187.887] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.887] WbemDefPath:IUnknown:Release (This=0xe324ca8) returned 0x1 [0187.887] WbemDefPath:IUnknown:Release (This=0xe324ca8) returned 0x0 [0187.888] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.888] WbemDefPath:IUnknown:Release (This=0xb7ff98) returned 0x1 [0187.888] WbemDefPath:IUnknown:Release (This=0xb7ff98) returned 0x0 [0187.888] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.888] WbemDefPath:IUnknown:Release (This=0xe3252c8) returned 0x1 [0187.888] WbemDefPath:IUnknown:Release (This=0xe3252c8) returned 0x0 [0187.888] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.888] WbemDefPath:IUnknown:Release (This=0xb800e8) returned 0x1 [0187.888] WbemDefPath:IUnknown:Release (This=0xb800e8) returned 0x0 [0187.889] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.889] WbemDefPath:IUnknown:Release (This=0xe324a78) returned 0x1 [0187.889] WbemDefPath:IUnknown:Release (This=0xe324a78) returned 0x0 [0187.889] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.889] WbemDefPath:IUnknown:Release (This=0xb7f898) returned 0x1 [0187.889] WbemDefPath:IUnknown:Release (This=0xb7f898) returned 0x0 [0187.889] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.889] WbemDefPath:IUnknown:Release (This=0xe2ffc60) returned 0x1 [0187.889] WbemDefPath:IUnknown:Release (This=0xe2ffc60) returned 0x0 [0187.890] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.890] WbemDefPath:IUnknown:Release (This=0xb80238) returned 0x1 [0187.890] WbemDefPath:IUnknown:Release (This=0xb80238) returned 0x0 [0187.890] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.890] WbemDefPath:IUnknown:Release (This=0xb7feb8) returned 0x1 [0187.890] WbemDefPath:IUnknown:Release (This=0xb7feb8) returned 0x0 [0187.890] CoGetContextToken (in: pToken=0xf2f210 | out: pToken=0xf2f210) returned 0x0 [0187.890] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.890] IUnknown:Release (This=0xe31cce0) returned 0x1 [0187.890] IUnknown:Release (This=0xe31cce0) returned 0x0 [0187.891] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.891] IUnknown:Release (This=0xe31b828) returned 0x1 [0187.891] IUnknown:Release (This=0xe31b828) returned 0x0 [0187.891] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.891] IUnknown:Release (This=0xe333d00) returned 0x1 [0187.891] IUnknown:Release (This=0xe333d00) returned 0x0 [0187.891] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.891] IUnknown:Release (This=0xe30b388) returned 0x1 [0187.891] IUnknown:Release (This=0xe30b388) returned 0x0 [0187.892] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.892] IUnknown:Release (This=0xbfc680) returned 0x1 [0187.892] IUnknown:Release (This=0xbfc680) returned 0x0 [0187.892] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.892] WbemLocator:IUnknown:Release (This=0xc16428) returned 0x1 [0187.892] WbemLocator:IUnknown:Release (This=0xc16428) returned 0x0 [0187.892] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.892] IUnknown:Release (This=0xe30c6d0) returned 0x1 [0187.892] IUnknown:Release (This=0xe30c6d0) returned 0x0 [0187.893] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.893] IUnknown:Release (This=0xe333b68) returned 0x1 [0187.893] IUnknown:Release (This=0xe333b68) returned 0x0 [0187.893] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.893] WbemLocator:IUnknown:Release (This=0xbbe700) returned 0x1 [0187.893] WbemLocator:IUnknown:Release (This=0xe31d618) returned 0x0 [0187.894] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.894] IUnknown:Release (This=0xe31c1b8) returned 0x1 [0187.894] IUnknown:Release (This=0xe31c1b8) returned 0x0 [0187.895] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.895] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x1 [0187.895] WbemLocator:IUnknown:Release (This=0xc16418) returned 0x0 [0187.895] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.895] IUnknown:Release (This=0xe334690) returned 0x1 [0187.895] IUnknown:Release (This=0xe334690) returned 0x0 [0187.895] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.895] IUnknown:Release (This=0xe30bd18) returned 0x1 [0187.895] IUnknown:Release (This=0xe30bd18) returned 0x0 [0187.896] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.896] IUnknown:Release (This=0xe30d060) returned 0x1 [0187.896] IUnknown:Release (This=0xe30d060) returned 0x0 [0187.896] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.896] WbemLocator:IUnknown:Release (This=0xc16568) returned 0x1 [0187.896] WbemLocator:IUnknown:Release (This=0xc16568) returned 0x0 [0187.896] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.896] IUnknown:Release (This=0xe31cb48) returned 0x1 [0187.896] IUnknown:Release (This=0xe31cb48) returned 0x0 [0187.897] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.897] IUnknown:Release (This=0xe335020) returned 0x1 [0187.897] IUnknown:Release (This=0xe335020) returned 0x0 [0187.897] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.897] IUnknown:Release (This=0xe31b4f8) returned 0x1 [0187.897] IUnknown:Release (This=0xe31b4f8) returned 0x0 [0187.897] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.897] IUnknown:Release (This=0xe30d9f0) returned 0x1 [0187.897] IUnknown:Release (This=0xe30d9f0) returned 0x0 [0187.898] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.898] IUnknown:Release (This=0xe30b1f0) returned 0x1 [0187.898] IUnknown:Release (This=0xe30b1f0) returned 0x0 [0187.898] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.898] IUnknown:Release (This=0xbfc4e8) returned 0x1 [0187.898] IUnknown:Release (This=0xbfc4e8) returned 0x0 [0187.899] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.899] IUnknown:Release (This=0xe309ed0) returned 0x1 [0187.899] IUnknown:Release (This=0xe309ed0) returned 0x0 [0187.899] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.899] WbemLocator:IUnknown:Release (This=0xbbf400) returned 0x1 [0187.899] WbemLocator:IUnknown:Release (This=0xe31d1b8) returned 0x0 [0187.900] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.900] IUnknown:Release (This=0xe30c538) returned 0x1 [0187.900] IUnknown:Release (This=0xe30c538) returned 0x0 [0187.900] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.900] WbemLocator:IUnknown:Release (This=0xc163e8) returned 0x1 [0187.900] WbemLocator:IUnknown:Release (This=0xc163e8) returned 0x0 [0187.900] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.900] IUnknown:Release (This=0xe31c020) returned 0x1 [0187.900] IUnknown:Release (This=0xe31c020) returned 0x0 [0187.901] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.901] IUnknown:Release (This=0xe3344f8) returned 0x1 [0187.901] IUnknown:Release (This=0xe3344f8) returned 0x0 [0187.901] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.901] IUnknown:Release (This=0xe30cec8) returned 0x1 [0187.901] IUnknown:Release (This=0xe30cec8) returned 0x0 [0187.901] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.902] IUnknown:Release (This=0xe30a860) returned 0x1 [0187.902] IUnknown:Release (This=0xe30a860) returned 0x0 [0187.902] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.902] IUnknown:Release (This=0xe31c9b0) returned 0x1 [0187.902] IUnknown:Release (This=0xe31c9b0) returned 0x0 [0187.902] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.902] IUnknown:Release (This=0xe334e88) returned 0x1 [0187.903] IUnknown:Release (This=0xe334e88) returned 0x0 [0187.903] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.903] IUnknown:Release (This=0xe30d858) returned 0x1 [0187.903] IUnknown:Release (This=0xe30d858) returned 0x0 [0187.903] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.903] IUnknown:Release (This=0xe3339d0) returned 0x1 [0187.903] IUnknown:Release (This=0xe3339d0) returned 0x0 [0187.904] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.904] IUnknown:Release (This=0xe30b058) returned 0x1 [0187.904] IUnknown:Release (This=0xe30b058) returned 0x0 [0187.904] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.904] IUnknown:Release (This=0xbfc350) returned 0x1 [0187.904] IUnknown:Release (This=0xbfc350) returned 0x0 [0187.905] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.905] IUnknown:Release (This=0xe30c070) returned 0x1 [0187.905] IUnknown:Release (This=0xe30c070) returned 0x0 [0187.905] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.905] IUnknown:Release (This=0xe30c3a0) returned 0x1 [0187.905] IUnknown:Release (This=0xe30c3a0) returned 0x0 [0187.906] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.906] WbemLocator:IUnknown:Release (This=0xc16518) returned 0x1 [0187.906] WbemLocator:IUnknown:Release (This=0xc16518) returned 0x0 [0187.906] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.906] IUnknown:Release (This=0xe31be88) returned 0x1 [0187.906] IUnknown:Release (This=0xe31be88) returned 0x0 [0187.906] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.906] IUnknown:Release (This=0xe334360) returned 0x1 [0187.906] IUnknown:Release (This=0xe334360) returned 0x0 [0187.907] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.907] IUnknown:Release (This=0xe30b9e8) returned 0x1 [0187.907] IUnknown:Release (This=0xe30b9e8) returned 0x0 [0187.907] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.907] IUnknown:Release (This=0xe30a530) returned 0x1 [0187.907] IUnknown:Release (This=0xe30a530) returned 0x0 [0187.907] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.907] IUnknown:Release (This=0xe31c818) returned 0x1 [0187.907] IUnknown:Release (This=0xe31c818) returned 0x0 [0187.908] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.908] WbemLocator:IUnknown:Release (This=0xbbfb00) returned 0x1 [0187.908] WbemLocator:IUnknown:Release (This=0xe31cf88) returned 0x0 [0187.927] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.927] IUnknown:Release (This=0xe31b360) returned 0x1 [0187.927] IUnknown:Release (This=0xe31b360) returned 0x0 [0187.927] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.927] IUnknown:Release (This=0xe333838) returned 0x1 [0187.927] IUnknown:Release (This=0xe333838) returned 0x0 [0187.928] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.928] IUnknown:Release (This=0xe30aec0) returned 0x1 [0187.928] IUnknown:Release (This=0xe30aec0) returned 0x0 [0187.928] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.928] IUnknown:Release (This=0xe30c208) returned 0x1 [0187.928] IUnknown:Release (This=0xe30c208) returned 0x0 [0187.928] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.928] IUnknown:Release (This=0xe30bb80) returned 0x1 [0187.928] IUnknown:Release (This=0xe30bb80) returned 0x0 [0187.928] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.929] WbemLocator:IUnknown:Release (This=0xbbe500) returned 0x1 [0187.929] WbemLocator:IUnknown:Release (This=0xe31d3e8) returned 0x0 [0187.947] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.947] IUnknown:Release (This=0xe31bcf0) returned 0x1 [0187.947] IUnknown:Release (This=0xe31bcf0) returned 0x0 [0187.947] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.947] IUnknown:Release (This=0xe30b850) returned 0x1 [0187.947] IUnknown:Release (This=0xe30b850) returned 0x0 [0187.947] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.947] IUnknown:Release (This=0xe30d390) returned 0x1 [0187.947] IUnknown:Release (This=0xe30d390) returned 0x0 [0187.948] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.948] IUnknown:Release (This=0xe30cb98) returned 0x1 [0187.948] IUnknown:Release (This=0xe30cb98) returned 0x0 [0187.948] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.948] IUnknown:Release (This=0xe30a398) returned 0x1 [0187.948] IUnknown:Release (This=0xe30a398) returned 0x0 [0187.948] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.948] IUnknown:Release (This=0xe334cf0) returned 0x1 [0187.948] IUnknown:Release (This=0xe334cf0) returned 0x0 [0187.948] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.949] IUnknown:Release (This=0xe30a6c8) returned 0x1 [0187.949] IUnknown:Release (This=0xe30a6c8) returned 0x0 [0187.949] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.949] IUnknown:Release (This=0xe31c680) returned 0x1 [0187.949] IUnknown:Release (This=0xe31c680) returned 0x0 [0187.949] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.949] IUnknown:Release (This=0xe334b58) returned 0x1 [0187.949] IUnknown:Release (This=0xe334b58) returned 0x0 [0187.950] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.950] IUnknown:Release (This=0xe3336a0) returned 0x1 [0187.950] IUnknown:Release (This=0xe3336a0) returned 0x0 [0187.950] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.950] IUnknown:Release (This=0xe30ad28) returned 0x1 [0187.950] IUnknown:Release (This=0xe30ad28) returned 0x0 [0187.950] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.950] IUnknown:Release (This=0xe3351b8) returned 0x1 [0187.950] IUnknown:Release (This=0xe3351b8) returned 0x0 [0187.951] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.951] IUnknown:Release (This=0xe30d1f8) returned 0x1 [0187.951] IUnknown:Release (This=0xe30d1f8) returned 0x0 [0187.951] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.951] IUnknown:Release (This=0xe30dd20) returned 0x1 [0187.951] IUnknown:Release (This=0xe30dd20) returned 0x0 [0187.951] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.951] IUnknown:Release (This=0xe3012a8) returned 0x1 [0187.951] IUnknown:Release (This=0xe3012a8) returned 0x0 [0187.952] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.952] IUnknown:Release (This=0xe31bb58) returned 0x1 [0187.952] IUnknown:Release (This=0xe31bb58) returned 0x0 [0187.952] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.952] IUnknown:Release (This=0xe334030) returned 0x1 [0187.952] IUnknown:Release (This=0xe334030) returned 0x0 [0187.952] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.952] IUnknown:Release (This=0xe30b6b8) returned 0x1 [0187.952] IUnknown:Release (This=0xe30b6b8) returned 0x0 [0187.953] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.953] WbemLocator:IUnknown:Release (This=0xbbed00) returned 0x1 [0187.953] WbemLocator:IUnknown:Release (This=0xe3029d0) returned 0x0 [0187.954] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.954] IUnknown:Release (This=0xe30ca00) returned 0x1 [0187.954] IUnknown:Release (This=0xe30ca00) returned 0x0 [0187.954] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.954] IUnknown:Release (This=0xe30a200) returned 0x1 [0187.954] IUnknown:Release (This=0xe30a200) returned 0x0 [0187.954] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.954] WbemLocator:IUnknown:Release (This=0xc16468) returned 0x1 [0187.954] WbemLocator:IUnknown:Release (This=0xc16468) returned 0x0 [0187.955] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.955] WbemLocator:IUnknown:Release (This=0xbbf800) returned 0x1 [0187.955] WbemLocator:IUnknown:Release (This=0xc15698) returned 0x0 [0187.956] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.956] IUnknown:Release (This=0xe31c4e8) returned 0x1 [0187.956] IUnknown:Release (This=0xe31c4e8) returned 0x0 [0187.956] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.956] IUnknown:Release (This=0xe3349c0) returned 0x1 [0187.956] IUnknown:Release (This=0xe3349c0) returned 0x0 [0187.956] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.956] IUnknown:Release (This=0xe31b030) returned 0x1 [0187.956] IUnknown:Release (This=0xe31b030) returned 0x0 [0187.957] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.957] IUnknown:Release (This=0xe31b1c8) returned 0x1 [0187.957] IUnknown:Release (This=0xe31b1c8) returned 0x0 [0187.957] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.957] IUnknown:Release (This=0xe333508) returned 0x1 [0187.957] IUnknown:Release (This=0xe333508) returned 0x0 [0187.957] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.957] IUnknown:Release (This=0xe30ab90) returned 0x1 [0187.957] IUnknown:Release (This=0xe30ab90) returned 0x0 [0187.957] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.958] IUnknown:Release (This=0xe30bed8) returned 0x1 [0187.958] IUnknown:Release (This=0xe30bed8) returned 0x0 [0187.958] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.958] IUnknown:Release (This=0xe30cd30) returned 0x1 [0187.958] IUnknown:Release (This=0xe30cd30) returned 0x0 [0187.958] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.958] IUnknown:Release (This=0xe31b690) returned 0x1 [0187.958] IUnknown:Release (This=0xe31b690) returned 0x0 [0187.958] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.958] IUnknown:Release (This=0xe31b9c0) returned 0x1 [0187.959] IUnknown:Release (This=0xe31b9c0) returned 0x0 [0187.959] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.959] IUnknown:Release (This=0xe30d528) returned 0x1 [0187.959] IUnknown:Release (This=0xe30d528) returned 0x0 [0187.959] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.959] IUnknown:Release (This=0xe333e98) returned 0x1 [0187.959] IUnknown:Release (This=0xe333e98) returned 0x0 [0187.959] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.959] IUnknown:Release (This=0xe30b520) returned 0x1 [0187.959] IUnknown:Release (This=0xe30b520) returned 0x0 [0187.960] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.960] IUnknown:Release (This=0xbfc818) returned 0x1 [0187.960] IUnknown:Release (This=0xbfc818) returned 0x0 [0187.960] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.960] IUnknown:Release (This=0xe30c868) returned 0x1 [0187.960] IUnknown:Release (This=0xe30c868) returned 0x0 [0187.961] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.961] IUnknown:Release (This=0xe30a068) returned 0x1 [0187.961] IUnknown:Release (This=0xe30a068) returned 0x0 [0187.961] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.961] IUnknown:Release (This=0xe31c350) returned 0x1 [0187.961] IUnknown:Release (This=0xe31c350) returned 0x0 [0187.961] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.961] WbemLocator:IUnknown:Release (This=0xbbf900) returned 0x1 [0187.961] WbemLocator:IUnknown:Release (This=0xe31d668) returned 0x0 [0187.962] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.962] IUnknown:Release (This=0xe334828) returned 0x1 [0187.962] IUnknown:Release (This=0xe334828) returned 0x0 [0187.965] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.965] IUnknown:Release (This=0xe30d6c0) returned 0x1 [0187.965] IUnknown:Release (This=0xe30d6c0) returned 0x0 [0187.965] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.965] WbemLocator:IUnknown:Release (This=0xc16448) returned 0x1 [0187.965] WbemLocator:IUnknown:Release (This=0xc16448) returned 0x0 [0187.965] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.965] IUnknown:Release (This=0xe31ae98) returned 0x1 [0187.965] IUnknown:Release (This=0xe31ae98) returned 0x0 [0187.966] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.966] IUnknown:Release (This=0xe333370) returned 0x1 [0187.966] IUnknown:Release (This=0xe333370) returned 0x0 [0187.967] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.967] IUnknown:Release (This=0xe30a9f8) returned 0x1 [0187.967] IUnknown:Release (This=0xe30a9f8) returned 0x0 [0187.967] CoGetContextToken (in: pToken=0xf2f190 | out: pToken=0xf2f190) returned 0x0 [0187.967] IUnknown:Release (This=0xe30db88) returned 0x1 [0187.967] IUnknown:Release (This=0xe30db88) returned 0x0 [0187.971] IUnknown:Release (This=0xb71a30) returned 0x0 Thread: id = 10 os_tid = 0xe38 [0116.604] CoGetContextToken (in: pToken=0x8b6f8bc | out: pToken=0x8b6f8bc) returned 0x0 [0116.605] CObjectContext::QueryInterface () returned 0x0 [0116.605] CObjectContext::GetCurrentThreadType () returned 0x0 [0116.605] Release () returned 0x0 Thread: id = 11 os_tid = 0xb64 Thread: id = 12 os_tid = 0x1270 Thread: id = 13 os_tid = 0x438 Thread: id = 14 os_tid = 0x12b0 Thread: id = 114 os_tid = 0x1360 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74f36000" os_pid = "0x358" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac07" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2176 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2177 start_va = 0xe588800000 end_va = 0xe5889fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e588800000" filename = "" Region: id = 2178 start_va = 0xe588a00000 end_va = 0xe588a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e588a00000" filename = "" Region: id = 2179 start_va = 0xe588c00000 end_va = 0xe588cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e588c00000" filename = "" Region: id = 2180 start_va = 0xe588f00000 end_va = 0xe588ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e588f00000" filename = "" Region: id = 2181 start_va = 0xe589000000 end_va = 0xe58907ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589000000" filename = "" Region: id = 2182 start_va = 0xe589080000 end_va = 0xe58917ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589080000" filename = "" Region: id = 2183 start_va = 0xe589180000 end_va = 0xe58927ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589180000" filename = "" Region: id = 2184 start_va = 0xe589280000 end_va = 0xe5892fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589280000" filename = "" Region: id = 2185 start_va = 0xe589300000 end_va = 0xe5893fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589300000" filename = "" Region: id = 2186 start_va = 0xe589500000 end_va = 0xe5895fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589500000" filename = "" Region: id = 2187 start_va = 0xe589600000 end_va = 0xe5896fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589600000" filename = "" Region: id = 2188 start_va = 0xe589700000 end_va = 0xe5897fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589700000" filename = "" Region: id = 2189 start_va = 0xe589800000 end_va = 0xe5898fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589800000" filename = "" Region: id = 2190 start_va = 0xe589a00000 end_va = 0xe589afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589a00000" filename = "" Region: id = 2191 start_va = 0xe589c00000 end_va = 0xe589cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589c00000" filename = "" Region: id = 2192 start_va = 0xe589d80000 end_va = 0xe589e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e589d80000" filename = "" Region: id = 2193 start_va = 0xe58a400000 end_va = 0xe58a4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58a400000" filename = "" Region: id = 2194 start_va = 0xe58a580000 end_va = 0xe58a67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58a580000" filename = "" Region: id = 2195 start_va = 0xe58a680000 end_va = 0xe58a77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58a680000" filename = "" Region: id = 2196 start_va = 0xe58a980000 end_va = 0xe58aa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58a980000" filename = "" Region: id = 2197 start_va = 0xe58ab00000 end_va = 0xe58ab7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58ab00000" filename = "" Region: id = 2198 start_va = 0xe58ad00000 end_va = 0xe58ad7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58ad00000" filename = "" Region: id = 2199 start_va = 0xe58b200000 end_va = 0xe58b2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58b200000" filename = "" Region: id = 2200 start_va = 0xe58b580000 end_va = 0xe58b67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58b580000" filename = "" Region: id = 2201 start_va = 0xe58b880000 end_va = 0xe58b97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58b880000" filename = "" Region: id = 2202 start_va = 0xe58b980000 end_va = 0xe58ba7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58b980000" filename = "" Region: id = 2203 start_va = 0xe58ba80000 end_va = 0xe58bb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58ba80000" filename = "" Region: id = 2204 start_va = 0xe58bc80000 end_va = 0xe58bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58bc80000" filename = "" Region: id = 2205 start_va = 0xe58bd80000 end_va = 0xe58be7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58bd80000" filename = "" Region: id = 2206 start_va = 0xe58c480000 end_va = 0xe58c57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58c480000" filename = "" Region: id = 2207 start_va = 0xe58cd00000 end_va = 0xe58cdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58cd00000" filename = "" Region: id = 2208 start_va = 0xe58ce00000 end_va = 0xe58cefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58ce00000" filename = "" Region: id = 2209 start_va = 0xe58cf00000 end_va = 0xe58cffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58cf00000" filename = "" Region: id = 2210 start_va = 0xe58d000000 end_va = 0xe58d0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58d000000" filename = "" Region: id = 2211 start_va = 0xe58d100000 end_va = 0xe58d17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58d100000" filename = "" Region: id = 2212 start_va = 0xe58d480000 end_va = 0xe58d57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58d480000" filename = "" Region: id = 2213 start_va = 0xe58f400000 end_va = 0xe58f4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f400000" filename = "" Region: id = 2214 start_va = 0xe58f500000 end_va = 0xe58f57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f500000" filename = "" Region: id = 2215 start_va = 0xe58f580000 end_va = 0xe58f5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f580000" filename = "" Region: id = 2216 start_va = 0xe58f600000 end_va = 0xe58f67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f600000" filename = "" Region: id = 2217 start_va = 0xe58f680000 end_va = 0xe58f77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f680000" filename = "" Region: id = 2218 start_va = 0xe58f800000 end_va = 0xe58f8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f800000" filename = "" Region: id = 2219 start_va = 0xe58f900000 end_va = 0xe58f9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58f900000" filename = "" Region: id = 2220 start_va = 0xe58fa00000 end_va = 0xe58fafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58fa00000" filename = "" Region: id = 2221 start_va = 0xe58fb00000 end_va = 0xe58fbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58fb00000" filename = "" Region: id = 2222 start_va = 0xe58fc00000 end_va = 0xe58fcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58fc00000" filename = "" Region: id = 2223 start_va = 0xe58fd00000 end_va = 0xe58fdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58fd00000" filename = "" Region: id = 2224 start_va = 0xe58ff00000 end_va = 0xe58fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e58ff00000" filename = "" Region: id = 2225 start_va = 0xe590000000 end_va = 0xe5900fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590000000" filename = "" Region: id = 2226 start_va = 0xe590100000 end_va = 0xe59017ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590100000" filename = "" Region: id = 2227 start_va = 0xe590180000 end_va = 0xe5901fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590180000" filename = "" Region: id = 2228 start_va = 0xe590200000 end_va = 0xe5902fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590200000" filename = "" Region: id = 2229 start_va = 0xe590300000 end_va = 0xe59037ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590300000" filename = "" Region: id = 2230 start_va = 0xe590480000 end_va = 0xe59057ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590480000" filename = "" Region: id = 2231 start_va = 0xe590680000 end_va = 0xe59077ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590680000" filename = "" Region: id = 2232 start_va = 0xe590780000 end_va = 0xe59087ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590780000" filename = "" Region: id = 2233 start_va = 0xe590880000 end_va = 0xe5908fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590880000" filename = "" Region: id = 2234 start_va = 0xe590900000 end_va = 0xe5909fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590900000" filename = "" Region: id = 2235 start_va = 0xe590a00000 end_va = 0xe590afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590a00000" filename = "" Region: id = 2236 start_va = 0xe590b00000 end_va = 0xe590bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590b00000" filename = "" Region: id = 2237 start_va = 0xe590c00000 end_va = 0xe590cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590c00000" filename = "" Region: id = 2238 start_va = 0xe590d00000 end_va = 0xe590d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590d00000" filename = "" Region: id = 2239 start_va = 0xe590d80000 end_va = 0xe590e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590d80000" filename = "" Region: id = 2240 start_va = 0xe590e80000 end_va = 0xe590f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590e80000" filename = "" Region: id = 2241 start_va = 0xe590f80000 end_va = 0xe59107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e590f80000" filename = "" Region: id = 2242 start_va = 0xe591080000 end_va = 0xe59117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591080000" filename = "" Region: id = 2243 start_va = 0xe591180000 end_va = 0xe59127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591180000" filename = "" Region: id = 2244 start_va = 0xe591280000 end_va = 0xe59137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591280000" filename = "" Region: id = 2245 start_va = 0xe591380000 end_va = 0xe59147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591380000" filename = "" Region: id = 2246 start_va = 0xe591480000 end_va = 0xe59157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591480000" filename = "" Region: id = 2247 start_va = 0xe591580000 end_va = 0xe59167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591580000" filename = "" Region: id = 2248 start_va = 0xe591680000 end_va = 0xe59177ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591680000" filename = "" Region: id = 2249 start_va = 0xe591780000 end_va = 0xe59187ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591780000" filename = "" Region: id = 2250 start_va = 0xe591880000 end_va = 0xe59197ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591880000" filename = "" Region: id = 2251 start_va = 0xe591a80000 end_va = 0xe591afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591a80000" filename = "" Region: id = 2252 start_va = 0xe591b00000 end_va = 0xe591bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591b00000" filename = "" Region: id = 2253 start_va = 0xe591c00000 end_va = 0xe591c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e591c00000" filename = "" Region: id = 2254 start_va = 0xe592280000 end_va = 0xe59237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e592280000" filename = "" Region: id = 2255 start_va = 0xe592800000 end_va = 0xe5928fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e592800000" filename = "" Region: id = 2256 start_va = 0xe592900000 end_va = 0xe5929fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e592900000" filename = "" Region: id = 2257 start_va = 0xe592a00000 end_va = 0xe592afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e592a00000" filename = "" Region: id = 2258 start_va = 0xe592b00000 end_va = 0xe592bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e592b00000" filename = "" Region: id = 2259 start_va = 0x28611c80000 end_va = 0x28611c8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611c80000" filename = "" Region: id = 2260 start_va = 0x28611c90000 end_va = 0x28611c90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2261 start_va = 0x28611ca0000 end_va = 0x28611cb4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611ca0000" filename = "" Region: id = 2262 start_va = 0x28611cc0000 end_va = 0x28611cc3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611cc0000" filename = "" Region: id = 2263 start_va = 0x28611cd0000 end_va = 0x28611cd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611cd0000" filename = "" Region: id = 2264 start_va = 0x28611ce0000 end_va = 0x28611ce1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028611ce0000" filename = "" Region: id = 2265 start_va = 0x28611cf0000 end_va = 0x28611dadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2266 start_va = 0x28611db0000 end_va = 0x28611db6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028611db0000" filename = "" Region: id = 2267 start_va = 0x28611dc0000 end_va = 0x28611dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028611dc0000" filename = "" Region: id = 2268 start_va = 0x28611dd0000 end_va = 0x28611dd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028611dd0000" filename = "" Region: id = 2269 start_va = 0x28611de0000 end_va = 0x28611de0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611de0000" filename = "" Region: id = 2270 start_va = 0x28611df0000 end_va = 0x28611df0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611df0000" filename = "" Region: id = 2271 start_va = 0x28611e00000 end_va = 0x28611efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028611e00000" filename = "" Region: id = 2272 start_va = 0x28611f00000 end_va = 0x28611fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611f00000" filename = "" Region: id = 2273 start_va = 0x28611fc0000 end_va = 0x28611fc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028611fc0000" filename = "" Region: id = 2274 start_va = 0x28611fd0000 end_va = 0x28611fd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611fd0000" filename = "" Region: id = 2275 start_va = 0x28611fe0000 end_va = 0x28611fe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611fe0000" filename = "" Region: id = 2276 start_va = 0x28611ff0000 end_va = 0x28611ff0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028611ff0000" filename = "" Region: id = 2277 start_va = 0x28612000000 end_va = 0x286120fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612000000" filename = "" Region: id = 2278 start_va = 0x28612100000 end_va = 0x28612287fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028612100000" filename = "" Region: id = 2279 start_va = 0x28612290000 end_va = 0x28612410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028612290000" filename = "" Region: id = 2280 start_va = 0x28612420000 end_va = 0x28612420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028612420000" filename = "" Region: id = 2281 start_va = 0x28612430000 end_va = 0x2861243cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 2282 start_va = 0x28612440000 end_va = 0x28612441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028612440000" filename = "" Region: id = 2283 start_va = 0x28612450000 end_va = 0x28612453fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2284 start_va = 0x28612460000 end_va = 0x286124a4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 2285 start_va = 0x286124b0000 end_va = 0x286124b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2286 start_va = 0x286124c0000 end_va = 0x286124d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 2287 start_va = 0x286124e0000 end_va = 0x286124e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286124e0000" filename = "" Region: id = 2288 start_va = 0x286124f0000 end_va = 0x286124f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 2289 start_va = 0x28612500000 end_va = 0x2861250cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2290 start_va = 0x28612510000 end_va = 0x28612511fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 2291 start_va = 0x28612520000 end_va = 0x28612526fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612520000" filename = "" Region: id = 2292 start_va = 0x28612530000 end_va = 0x286125bdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2293 start_va = 0x286125c0000 end_va = 0x286125c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286125c0000" filename = "" Region: id = 2294 start_va = 0x286125d0000 end_va = 0x286125d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286125d0000" filename = "" Region: id = 2295 start_va = 0x286125e0000 end_va = 0x286125e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286125e0000" filename = "" Region: id = 2296 start_va = 0x286125f0000 end_va = 0x286125f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 2297 start_va = 0x28612600000 end_va = 0x286126fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612600000" filename = "" Region: id = 2298 start_va = 0x28612700000 end_va = 0x286127fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612700000" filename = "" Region: id = 2299 start_va = 0x28612800000 end_va = 0x28612804fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 2300 start_va = 0x28612810000 end_va = 0x2861281ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 2301 start_va = 0x28612820000 end_va = 0x28612826fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612820000" filename = "" Region: id = 2302 start_va = 0x28612830000 end_va = 0x28612832fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 2303 start_va = 0x28612840000 end_va = 0x28612840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612840000" filename = "" Region: id = 2304 start_va = 0x28612850000 end_va = 0x28612859fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 2305 start_va = 0x28612860000 end_va = 0x28612870fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 2306 start_va = 0x28612880000 end_va = 0x28612890fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 2307 start_va = 0x286128a0000 end_va = 0x286128b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 2308 start_va = 0x286128c0000 end_va = 0x286128d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 2309 start_va = 0x286128e0000 end_va = 0x286128f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 2310 start_va = 0x28612900000 end_va = 0x286129fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612900000" filename = "" Region: id = 2311 start_va = 0x28612a00000 end_va = 0x28612d36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2312 start_va = 0x28612d40000 end_va = 0x28612d50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 2313 start_va = 0x28612d60000 end_va = 0x28612d70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 2314 start_va = 0x28612d80000 end_va = 0x28612da7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 2315 start_va = 0x28612db0000 end_va = 0x28612de0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 2316 start_va = 0x28612df0000 end_va = 0x28612dfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2317 start_va = 0x28612e00000 end_va = 0x28612efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612e00000" filename = "" Region: id = 2318 start_va = 0x28612f00000 end_va = 0x28612ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028612f00000" filename = "" Region: id = 2319 start_va = 0x28613000000 end_va = 0x286130dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2320 start_va = 0x286130e0000 end_va = 0x286130f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 2321 start_va = 0x28613100000 end_va = 0x286131fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613100000" filename = "" Region: id = 2322 start_va = 0x28613200000 end_va = 0x286132fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613200000" filename = "" Region: id = 2323 start_va = 0x28613300000 end_va = 0x28613310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 2324 start_va = 0x28613320000 end_va = 0x28613350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 2325 start_va = 0x28613360000 end_va = 0x28613390fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 2326 start_va = 0x286133a0000 end_va = 0x286133a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286133a0000" filename = "" Region: id = 2327 start_va = 0x286133b0000 end_va = 0x286133b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286133b0000" filename = "" Region: id = 2328 start_va = 0x286133c0000 end_va = 0x286133cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286133c0000" filename = "" Region: id = 2329 start_va = 0x286133d0000 end_va = 0x286133d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shcore.dll.mui" filename = "\\Windows\\System32\\en-US\\SHCore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shcore.dll.mui") Region: id = 2330 start_va = 0x286133e0000 end_va = 0x28613422fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286133e0000" filename = "" Region: id = 2331 start_va = 0x28613430000 end_va = 0x2861343ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613430000" filename = "" Region: id = 2332 start_va = 0x28613440000 end_va = 0x2861344ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613440000" filename = "" Region: id = 2333 start_va = 0x28613450000 end_va = 0x2861345ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613450000" filename = "" Region: id = 2334 start_va = 0x28613460000 end_va = 0x2861346ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613460000" filename = "" Region: id = 2335 start_va = 0x28613470000 end_va = 0x2861347ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613470000" filename = "" Region: id = 2336 start_va = 0x28613480000 end_va = 0x2861348ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028613480000" filename = "" Region: id = 2337 start_va = 0x28613490000 end_va = 0x2861349ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613490000" filename = "" Region: id = 2338 start_va = 0x286134a0000 end_va = 0x286134a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286134a0000" filename = "" Region: id = 2339 start_va = 0x286134b0000 end_va = 0x286134b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286134b0000" filename = "" Region: id = 2340 start_va = 0x286134c0000 end_va = 0x2861350dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286134c0000" filename = "" Region: id = 2341 start_va = 0x28613510000 end_va = 0x28613510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613510000" filename = "" Region: id = 2342 start_va = 0x28613520000 end_va = 0x28613523fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613520000" filename = "" Region: id = 2343 start_va = 0x28613530000 end_va = 0x28613531fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613530000" filename = "" Region: id = 2344 start_va = 0x28613540000 end_va = 0x28613546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613540000" filename = "" Region: id = 2345 start_va = 0x28613550000 end_va = 0x2861359dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613550000" filename = "" Region: id = 2346 start_va = 0x286135a0000 end_va = 0x286135affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286135a0000" filename = "" Region: id = 2347 start_va = 0x286135b0000 end_va = 0x286135bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286135b0000" filename = "" Region: id = 2348 start_va = 0x286135c0000 end_va = 0x286135cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286135c0000" filename = "" Region: id = 2349 start_va = 0x286135d0000 end_va = 0x286135dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286135d0000" filename = "" Region: id = 2350 start_va = 0x286135e0000 end_va = 0x286135effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286135e0000" filename = "" Region: id = 2351 start_va = 0x286135f0000 end_va = 0x286135fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000286135f0000" filename = "" Region: id = 2352 start_va = 0x28613600000 end_va = 0x286136fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613600000" filename = "" Region: id = 2353 start_va = 0x28613700000 end_va = 0x286137fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613700000" filename = "" Region: id = 2354 start_va = 0x28613800000 end_va = 0x28613800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613800000" filename = "" Region: id = 2355 start_va = 0x28613810000 end_va = 0x2861381ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613810000" filename = "" Region: id = 2356 start_va = 0x28613820000 end_va = 0x28613826fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613820000" filename = "" Region: id = 2357 start_va = 0x28613830000 end_va = 0x2861384ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613830000" filename = "" Region: id = 2358 start_va = 0x28613850000 end_va = 0x28613853fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613850000" filename = "" Region: id = 2359 start_va = 0x28613860000 end_va = 0x28613861fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613860000" filename = "" Region: id = 2360 start_va = 0x28613870000 end_va = 0x2861387ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2361 start_va = 0x28613880000 end_va = 0x2861388ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2362 start_va = 0x28613890000 end_va = 0x2861389ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2363 start_va = 0x286138a0000 end_va = 0x286138affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2364 start_va = 0x286138b0000 end_va = 0x286138bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2365 start_va = 0x286138c0000 end_va = 0x286138c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286138c0000" filename = "" Region: id = 2366 start_va = 0x286138d0000 end_va = 0x286138dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2367 start_va = 0x286138e0000 end_va = 0x286138effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2368 start_va = 0x286138f0000 end_va = 0x286138fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2369 start_va = 0x28613900000 end_va = 0x286139fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613900000" filename = "" Region: id = 2370 start_va = 0x28613a00000 end_va = 0x28613afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613a00000" filename = "" Region: id = 2371 start_va = 0x28613b00000 end_va = 0x28613bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613b00000" filename = "" Region: id = 2372 start_va = 0x28613c00000 end_va = 0x28613cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613c00000" filename = "" Region: id = 2373 start_va = 0x28613d00000 end_va = 0x28613dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613d00000" filename = "" Region: id = 2374 start_va = 0x28613e00000 end_va = 0x28613efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613e00000" filename = "" Region: id = 2375 start_va = 0x28613f00000 end_va = 0x28613ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028613f00000" filename = "" Region: id = 2376 start_va = 0x28614000000 end_va = 0x286140fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614000000" filename = "" Region: id = 2377 start_va = 0x28614100000 end_va = 0x286141fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614100000" filename = "" Region: id = 2378 start_va = 0x28614200000 end_va = 0x286142fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614200000" filename = "" Region: id = 2379 start_va = 0x28614300000 end_va = 0x286143fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614300000" filename = "" Region: id = 2380 start_va = 0x28614400000 end_va = 0x286144fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614400000" filename = "" Region: id = 2381 start_va = 0x28614500000 end_va = 0x2861450ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2382 start_va = 0x28614510000 end_va = 0x2861451ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2383 start_va = 0x28614520000 end_va = 0x2861452ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2384 start_va = 0x28614530000 end_va = 0x2861453ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2385 start_va = 0x28614540000 end_va = 0x2861454ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2386 start_va = 0x28614550000 end_va = 0x2861455ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2387 start_va = 0x28614560000 end_va = 0x2861456ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614560000" filename = "" Region: id = 2388 start_va = 0x28614570000 end_va = 0x2861457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614570000" filename = "" Region: id = 2389 start_va = 0x28614580000 end_va = 0x2861458ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2390 start_va = 0x28614590000 end_va = 0x2861459ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2391 start_va = 0x286145a0000 end_va = 0x286145affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286145a0000" filename = "" Region: id = 2392 start_va = 0x286145b0000 end_va = 0x286145bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286145b0000" filename = "" Region: id = 2393 start_va = 0x286145c0000 end_va = 0x286145cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286145c0000" filename = "" Region: id = 2394 start_va = 0x286145d0000 end_va = 0x286145d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286145d0000" filename = "" Region: id = 2395 start_va = 0x286145e0000 end_va = 0x286145effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000286145e0000" filename = "" Region: id = 2396 start_va = 0x286145f0000 end_va = 0x286145f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 2397 start_va = 0x28614600000 end_va = 0x28614603fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 2398 start_va = 0x28614610000 end_va = 0x2861461ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2399 start_va = 0x28614620000 end_va = 0x28614626fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614620000" filename = "" Region: id = 2400 start_va = 0x28614630000 end_va = 0x2861463ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2401 start_va = 0x28614640000 end_va = 0x2861464ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2402 start_va = 0x28614650000 end_va = 0x2861465ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2403 start_va = 0x28614660000 end_va = 0x2861466ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2404 start_va = 0x28614670000 end_va = 0x2861467ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2405 start_va = 0x28614680000 end_va = 0x2861468ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2406 start_va = 0x28614690000 end_va = 0x28614696fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614690000" filename = "" Region: id = 2407 start_va = 0x286146a0000 end_va = 0x286146affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2408 start_va = 0x286146b0000 end_va = 0x286146bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2409 start_va = 0x286146c0000 end_va = 0x286146cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2410 start_va = 0x286146d0000 end_va = 0x286146dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2411 start_va = 0x286146e0000 end_va = 0x286146effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2412 start_va = 0x286146f0000 end_va = 0x286146fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2413 start_va = 0x28614700000 end_va = 0x286147fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614700000" filename = "" Region: id = 2414 start_va = 0x28614800000 end_va = 0x286157fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028614800000" filename = "" Region: id = 2415 start_va = 0x28615800000 end_va = 0x2861580ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2416 start_va = 0x28615810000 end_va = 0x2861581ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2417 start_va = 0x28615820000 end_va = 0x2861582ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2418 start_va = 0x28615830000 end_va = 0x2861583ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2419 start_va = 0x28615840000 end_va = 0x2861584ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2420 start_va = 0x28615850000 end_va = 0x2861585ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2421 start_va = 0x28615860000 end_va = 0x2861586ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2422 start_va = 0x28615870000 end_va = 0x2861587ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2423 start_va = 0x28615880000 end_va = 0x28615886fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615880000" filename = "" Region: id = 2424 start_va = 0x28615890000 end_va = 0x2861589ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2425 start_va = 0x286158a0000 end_va = 0x286158affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2426 start_va = 0x286158b0000 end_va = 0x286158bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2427 start_va = 0x286158c0000 end_va = 0x286158cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2428 start_va = 0x286158d0000 end_va = 0x286158dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2429 start_va = 0x286158e0000 end_va = 0x286158effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2430 start_va = 0x286158f0000 end_va = 0x286158fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2431 start_va = 0x28615900000 end_va = 0x286159fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615900000" filename = "" Region: id = 2432 start_va = 0x28615a00000 end_va = 0x28615a0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2433 start_va = 0x28615a10000 end_va = 0x28615a1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2434 start_va = 0x28615a20000 end_va = 0x28615a2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2435 start_va = 0x28615a30000 end_va = 0x28615a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2436 start_va = 0x28615a40000 end_va = 0x28615a4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2437 start_va = 0x28615a50000 end_va = 0x28615a5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2438 start_va = 0x28615a60000 end_va = 0x28615a6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2439 start_va = 0x28615a70000 end_va = 0x28615a7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2440 start_va = 0x28615a80000 end_va = 0x28615a8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2441 start_va = 0x28615a90000 end_va = 0x28615a9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2442 start_va = 0x28615aa0000 end_va = 0x28615aaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2443 start_va = 0x28615ab0000 end_va = 0x28615abffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2444 start_va = 0x28615ac0000 end_va = 0x28615acffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2445 start_va = 0x28615ad0000 end_va = 0x28615adffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2446 start_va = 0x28615ae0000 end_va = 0x28615aeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2447 start_va = 0x28615af0000 end_va = 0x28615afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2448 start_va = 0x28615b00000 end_va = 0x28615b0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2449 start_va = 0x28615b10000 end_va = 0x28615b1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2450 start_va = 0x28615b20000 end_va = 0x28615b2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2451 start_va = 0x28615b30000 end_va = 0x28615b3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2452 start_va = 0x28615b40000 end_va = 0x28615b4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2453 start_va = 0x28615b50000 end_va = 0x28615b53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615b50000" filename = "" Region: id = 2454 start_va = 0x28615b60000 end_va = 0x28615b6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2455 start_va = 0x28615b70000 end_va = 0x28615b7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2456 start_va = 0x28615b80000 end_va = 0x28615b8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2457 start_va = 0x28615b90000 end_va = 0x28615b9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2458 start_va = 0x28615ba0000 end_va = 0x28615baffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2459 start_va = 0x28615bb0000 end_va = 0x28615bbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2460 start_va = 0x28615bc0000 end_va = 0x28615bcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2461 start_va = 0x28615bd0000 end_va = 0x28615bdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2462 start_va = 0x28615be0000 end_va = 0x28615beffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2463 start_va = 0x28615bf0000 end_va = 0x28615bfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2464 start_va = 0x28615c00000 end_va = 0x28615c0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2465 start_va = 0x28615c10000 end_va = 0x28615c1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2466 start_va = 0x28615c20000 end_va = 0x28615c2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2467 start_va = 0x28615c30000 end_va = 0x28615c3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2468 start_va = 0x28615c40000 end_va = 0x28615c4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2469 start_va = 0x28615c50000 end_va = 0x28615c5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2470 start_va = 0x28615c60000 end_va = 0x28615c6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2471 start_va = 0x28615c70000 end_va = 0x28615c7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2472 start_va = 0x28615c80000 end_va = 0x28615c8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2473 start_va = 0x28615c90000 end_va = 0x28615c9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2474 start_va = 0x28615ca0000 end_va = 0x28615caffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2475 start_va = 0x28615cb0000 end_va = 0x28615cb3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615cb0000" filename = "" Region: id = 2476 start_va = 0x28615cc0000 end_va = 0x28615ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615cc0000" filename = "" Region: id = 2477 start_va = 0x28615cd0000 end_va = 0x28615cdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2478 start_va = 0x28615ce0000 end_va = 0x28615ceffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2479 start_va = 0x28615cf0000 end_va = 0x28615cfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2480 start_va = 0x28615d00000 end_va = 0x28615d0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2481 start_va = 0x28615d10000 end_va = 0x28615d1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2482 start_va = 0x28615d20000 end_va = 0x28615d2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2483 start_va = 0x28615d30000 end_va = 0x28615d3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2484 start_va = 0x28615d40000 end_va = 0x28615d4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2485 start_va = 0x28615d60000 end_va = 0x28615d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615d60000" filename = "" Region: id = 2486 start_va = 0x28615d70000 end_va = 0x28615d7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2487 start_va = 0x28615d80000 end_va = 0x28615d80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 2488 start_va = 0x28615d90000 end_va = 0x28615d91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d90000" filename = "" Region: id = 2489 start_va = 0x28615dc0000 end_va = 0x28615dc3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615dc0000" filename = "" Region: id = 2490 start_va = 0x28615dd0000 end_va = 0x28615dd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615dd0000" filename = "" Region: id = 2491 start_va = 0x28615e00000 end_va = 0x28615efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615e00000" filename = "" Region: id = 2492 start_va = 0x28615f00000 end_va = 0x28615ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028615f00000" filename = "" Region: id = 2493 start_va = 0x28616000000 end_va = 0x286160fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028616000000" filename = "" Region: id = 2494 start_va = 0x28616100000 end_va = 0x286161fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028616100000" filename = "" Region: id = 2495 start_va = 0x28616200000 end_va = 0x2861620ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2496 start_va = 0x28616220000 end_va = 0x2861622ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2497 start_va = 0x28616230000 end_va = 0x2861623ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2498 start_va = 0x28616240000 end_va = 0x2861624ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2499 start_va = 0x28616250000 end_va = 0x2861625ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2500 start_va = 0x28616260000 end_va = 0x2861626ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2501 start_va = 0x28616270000 end_va = 0x2861627ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2502 start_va = 0x28616280000 end_va = 0x2861628ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2503 start_va = 0x28616290000 end_va = 0x2861629ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2504 start_va = 0x286162a0000 end_va = 0x286162affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2505 start_va = 0x286162b0000 end_va = 0x286162bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2506 start_va = 0x286162c0000 end_va = 0x286162cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2507 start_va = 0x286162d0000 end_va = 0x286162dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2508 start_va = 0x286162e0000 end_va = 0x286162effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2509 start_va = 0x286162f0000 end_va = 0x286162fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2510 start_va = 0x28616300000 end_va = 0x286163fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000028616300000" filename = "" Region: id = 2511 start_va = 0x28616400000 end_va = 0x2861640ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2512 start_va = 0x28616410000 end_va = 0x2861641ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2513 start_va = 0x28616420000 end_va = 0x2861642ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2514 start_va = 0x28616430000 end_va = 0x2861643ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2515 start_va = 0x28616440000 end_va = 0x2861644ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2516 start_va = 0x28616450000 end_va = 0x2861645ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2517 start_va = 0x28616460000 end_va = 0x2861646ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2518 start_va = 0x28616470000 end_va = 0x2861647ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2519 start_va = 0x28616480000 end_va = 0x2861648ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2520 start_va = 0x28616490000 end_va = 0x2861649ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2521 start_va = 0x7df5ff410000 end_va = 0x7ff5ff40ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff410000" filename = "" Region: id = 2522 start_va = 0x7ff723b50000 end_va = 0x7ff723c4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff723b50000" filename = "" Region: id = 2523 start_va = 0x7ff723c50000 end_va = 0x7ff723c72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff723c50000" filename = "" Region: id = 2524 start_va = 0x7ff7241b0000 end_va = 0x7ff7241bcfff monitored = 0 entry_point = 0x7ff7241b3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2525 start_va = 0x7ffa5ede0000 end_va = 0x7ffa5ee31fff monitored = 0 entry_point = 0x7ffa5ede3d30 region_type = mapped_file name = "cryptngc.dll" filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll") Region: id = 2526 start_va = 0x7ffa5f110000 end_va = 0x7ffa5f30ffff monitored = 0 entry_point = 0x7ffa5f185240 region_type = mapped_file name = "wlidsvc.dll" filename = "\\Windows\\System32\\wlidsvc.dll" (normalized: "c:\\windows\\system32\\wlidsvc.dll") Region: id = 2527 start_va = 0x7ffa62090000 end_va = 0x7ffa620c1fff monitored = 0 entry_point = 0x7ffa6209b0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2528 start_va = 0x7ffa62320000 end_va = 0x7ffa62555fff monitored = 0 entry_point = 0x7ffa623aa450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 2529 start_va = 0x7ffa632b0000 end_va = 0x7ffa632f3fff monitored = 0 entry_point = 0x7ffa632d83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 2530 start_va = 0x7ffa63300000 end_va = 0x7ffa6335cfff monitored = 0 entry_point = 0x7ffa6332e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 2531 start_va = 0x7ffa63480000 end_va = 0x7ffa63501fff monitored = 0 entry_point = 0x7ffa63481790 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 2532 start_va = 0x7ffa63780000 end_va = 0x7ffa63795fff monitored = 0 entry_point = 0x7ffa6378b550 region_type = mapped_file name = "clipc.dll" filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll") Region: id = 2533 start_va = 0x7ffa63c80000 end_va = 0x7ffa63c97fff monitored = 0 entry_point = 0x7ffa63c81b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 2534 start_va = 0x7ffa643a0000 end_va = 0x7ffa64423fff monitored = 0 entry_point = 0x7ffa643b2830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 2535 start_va = 0x7ffa65f70000 end_va = 0x7ffa661e9fff monitored = 0 entry_point = 0x7ffa65f8a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 2536 start_va = 0x7ffa68a90000 end_va = 0x7ffa68bacfff monitored = 0 entry_point = 0x7ffa68abfe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 2537 start_va = 0x7ffa68c90000 end_va = 0x7ffa68cf6fff monitored = 0 entry_point = 0x7ffa68c9b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 2538 start_va = 0x7ffa6b040000 end_va = 0x7ffa6b07efff monitored = 0 entry_point = 0x7ffa6b0682d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 2539 start_va = 0x7ffa6b080000 end_va = 0x7ffa6b0aefff monitored = 0 entry_point = 0x7ffa6b08ec60 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 2540 start_va = 0x7ffa6b0e0000 end_va = 0x7ffa6b0f3fff monitored = 0 entry_point = 0x7ffa6b0e3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 2541 start_va = 0x7ffa6b100000 end_va = 0x7ffa6b127fff monitored = 0 entry_point = 0x7ffa6b10efc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2542 start_va = 0x7ffa6b130000 end_va = 0x7ffa6b184fff monitored = 0 entry_point = 0x7ffa6b14f870 region_type = mapped_file name = "ncryptprov.dll" filename = "\\Windows\\System32\\ncryptprov.dll" (normalized: "c:\\windows\\system32\\ncryptprov.dll") Region: id = 2543 start_va = 0x7ffa6b190000 end_va = 0x7ffa6b1adfff monitored = 0 entry_point = 0x7ffa6b19ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 2544 start_va = 0x7ffa6b290000 end_va = 0x7ffa6b30ffff monitored = 0 entry_point = 0x7ffa6b2bd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2545 start_va = 0x7ffa6b310000 end_va = 0x7ffa6b320fff monitored = 0 entry_point = 0x7ffa6b317480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 2546 start_va = 0x7ffa6b330000 end_va = 0x7ffa6b3b3fff monitored = 0 entry_point = 0x7ffa6b348d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 2547 start_va = 0x7ffa6b3c0000 end_va = 0x7ffa6b3d5fff monitored = 0 entry_point = 0x7ffa6b3c55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2548 start_va = 0x7ffa6b3e0000 end_va = 0x7ffa6b4b5fff monitored = 0 entry_point = 0x7ffa6b40a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 2549 start_va = 0x7ffa6b690000 end_va = 0x7ffa6b6f3fff monitored = 0 entry_point = 0x7ffa6b6abed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 2550 start_va = 0x7ffa6b700000 end_va = 0x7ffa6b724fff monitored = 0 entry_point = 0x7ffa6b709900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2551 start_va = 0x7ffa6b730000 end_va = 0x7ffa6b743fff monitored = 0 entry_point = 0x7ffa6b731800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2552 start_va = 0x7ffa6b750000 end_va = 0x7ffa6b845fff monitored = 0 entry_point = 0x7ffa6b789590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2553 start_va = 0x7ffa6b850000 end_va = 0x7ffa6b8c3fff monitored = 0 entry_point = 0x7ffa6b865eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 2554 start_va = 0x7ffa6b8d0000 end_va = 0x7ffa6ba06fff monitored = 0 entry_point = 0x7ffa6b910480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 2555 start_va = 0x7ffa6bdf0000 end_va = 0x7ffa6c129fff monitored = 0 entry_point = 0x7ffa6bdf8520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 2556 start_va = 0x7ffa6c600000 end_va = 0x7ffa6c615fff monitored = 0 entry_point = 0x7ffa6c601d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 2557 start_va = 0x7ffa6d6d0000 end_va = 0x7ffa6d6e0fff monitored = 0 entry_point = 0x7ffa6d6d2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2558 start_va = 0x7ffa6d6f0000 end_va = 0x7ffa6d70dfff monitored = 0 entry_point = 0x7ffa6d6f3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2559 start_va = 0x7ffa6d710000 end_va = 0x7ffa6d791fff monitored = 0 entry_point = 0x7ffa6d712a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2560 start_va = 0x7ffa6db00000 end_va = 0x7ffa6db15fff monitored = 0 entry_point = 0x7ffa6db01af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2561 start_va = 0x7ffa6db20000 end_va = 0x7ffa6db39fff monitored = 0 entry_point = 0x7ffa6db22330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2562 start_va = 0x7ffa6db60000 end_va = 0x7ffa6db6cfff monitored = 0 entry_point = 0x7ffa6db61420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2563 start_va = 0x7ffa6df40000 end_va = 0x7ffa6df4bfff monitored = 0 entry_point = 0x7ffa6df435c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2564 start_va = 0x7ffa6dfa0000 end_va = 0x7ffa6dfdffff monitored = 0 entry_point = 0x7ffa6dfacbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 2565 start_va = 0x7ffa6dfe0000 end_va = 0x7ffa6e026fff monitored = 0 entry_point = 0x7ffa6dfe1d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 2566 start_va = 0x7ffa6e1c0000 end_va = 0x7ffa6e201fff monitored = 0 entry_point = 0x7ffa6e1c3670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 2567 start_va = 0x7ffa6e370000 end_va = 0x7ffa6e38efff monitored = 0 entry_point = 0x7ffa6e3737e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 2568 start_va = 0x7ffa6e390000 end_va = 0x7ffa6e408fff monitored = 0 entry_point = 0x7ffa6e3976a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 2569 start_va = 0x7ffa6e410000 end_va = 0x7ffa6e44ffff monitored = 0 entry_point = 0x7ffa6e426c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2570 start_va = 0x7ffa6e5e0000 end_va = 0x7ffa6e5f7fff monitored = 0 entry_point = 0x7ffa6e5e2000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2571 start_va = 0x7ffa6e600000 end_va = 0x7ffa6e781fff monitored = 0 entry_point = 0x7ffa6e6182a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2572 start_va = 0x7ffa6e790000 end_va = 0x7ffa6e7a7fff monitored = 0 entry_point = 0x7ffa6e794e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 2573 start_va = 0x7ffa6e7b0000 end_va = 0x7ffa6e7d4fff monitored = 0 entry_point = 0x7ffa6e7b5ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 2574 start_va = 0x7ffa6e810000 end_va = 0x7ffa6e8b2fff monitored = 0 entry_point = 0x7ffa6e812c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2575 start_va = 0x7ffa6e8c0000 end_va = 0x7ffa6e911fff monitored = 0 entry_point = 0x7ffa6e8c5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 2576 start_va = 0x7ffa6e920000 end_va = 0x7ffa6e94dfff monitored = 1 entry_point = 0x7ffa6e922300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 2577 start_va = 0x7ffa6e950000 end_va = 0x7ffa6e9adfff monitored = 0 entry_point = 0x7ffa6e955080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 2578 start_va = 0x7ffa6e9b0000 end_va = 0x7ffa6e9cffff monitored = 0 entry_point = 0x7ffa6e9b1f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 2579 start_va = 0x7ffa6e9d0000 end_va = 0x7ffa6e9d8fff monitored = 0 entry_point = 0x7ffa6e9d18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 2580 start_va = 0x7ffa6e9e0000 end_va = 0x7ffa6e9f0fff monitored = 0 entry_point = 0x7ffa6e9e1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 2581 start_va = 0x7ffa6ea00000 end_va = 0x7ffa6ea40fff monitored = 0 entry_point = 0x7ffa6ea03750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 2582 start_va = 0x7ffa6ea50000 end_va = 0x7ffa6eb42fff monitored = 0 entry_point = 0x7ffa6ea75d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2583 start_va = 0x7ffa6ed20000 end_va = 0x7ffa6f018fff monitored = 0 entry_point = 0x7ffa6ede7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 2584 start_va = 0x7ffa6f130000 end_va = 0x7ffa6f17bfff monitored = 0 entry_point = 0x7ffa6f145310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 2585 start_va = 0x7ffa6f330000 end_va = 0x7ffa6f3aefff monitored = 0 entry_point = 0x7ffa6f347110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2586 start_va = 0x7ffa6f3b0000 end_va = 0x7ffa6f3ebfff monitored = 0 entry_point = 0x7ffa6f3b6aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 2587 start_va = 0x7ffa6f440000 end_va = 0x7ffa6f474fff monitored = 0 entry_point = 0x7ffa6f44a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2588 start_va = 0x7ffa6f480000 end_va = 0x7ffa6f496fff monitored = 0 entry_point = 0x7ffa6f486620 region_type = mapped_file name = "msauserext.dll" filename = "\\Windows\\System32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll") Region: id = 2589 start_va = 0x7ffa6f830000 end_va = 0x7ffa6f839fff monitored = 0 entry_point = 0x7ffa6f8314c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2590 start_va = 0x7ffa6f980000 end_va = 0x7ffa6f996fff monitored = 0 entry_point = 0x7ffa6f987520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 2591 start_va = 0x7ffa6fbf0000 end_va = 0x7ffa6fbf8fff monitored = 0 entry_point = 0x7ffa6fbf21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2592 start_va = 0x7ffa702e0000 end_va = 0x7ffa70325fff monitored = 0 entry_point = 0x7ffa702e79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 2593 start_va = 0x7ffa70370000 end_va = 0x7ffa70384fff monitored = 0 entry_point = 0x7ffa70372dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2594 start_va = 0x7ffa708c0000 end_va = 0x7ffa708d1fff monitored = 0 entry_point = 0x7ffa708c3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2595 start_va = 0x7ffa70950000 end_va = 0x7ffa7096afff monitored = 0 entry_point = 0x7ffa70951040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2596 start_va = 0x7ffa709d0000 end_va = 0x7ffa709dffff monitored = 0 entry_point = 0x7ffa709d1700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 2597 start_va = 0x7ffa709e0000 end_va = 0x7ffa709e8fff monitored = 0 entry_point = 0x7ffa709e1ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 2598 start_va = 0x7ffa709f0000 end_va = 0x7ffa70a1cfff monitored = 0 entry_point = 0x7ffa709f2290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 2599 start_va = 0x7ffa70a20000 end_va = 0x7ffa70a71fff monitored = 0 entry_point = 0x7ffa70a238e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 2600 start_va = 0x7ffa70ae0000 end_va = 0x7ffa70aedfff monitored = 0 entry_point = 0x7ffa70ae1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2601 start_va = 0x7ffa70af0000 end_va = 0x7ffa70b07fff monitored = 0 entry_point = 0x7ffa70afb850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 2602 start_va = 0x7ffa70bd0000 end_va = 0x7ffa70c34fff monitored = 0 entry_point = 0x7ffa70be3170 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 2603 start_va = 0x7ffa70c40000 end_va = 0x7ffa70c54fff monitored = 0 entry_point = 0x7ffa70c43460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 2604 start_va = 0x7ffa70c60000 end_va = 0x7ffa70cf9fff monitored = 0 entry_point = 0x7ffa70c7ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 2605 start_va = 0x7ffa70dd0000 end_va = 0x7ffa70ddbfff monitored = 0 entry_point = 0x7ffa70dd2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 2606 start_va = 0x7ffa70de0000 end_va = 0x7ffa70e9ffff monitored = 0 entry_point = 0x7ffa70e0fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2607 start_va = 0x7ffa70eb0000 end_va = 0x7ffa70f16fff monitored = 0 entry_point = 0x7ffa70eb63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2608 start_va = 0x7ffa70f30000 end_va = 0x7ffa70f40fff monitored = 0 entry_point = 0x7ffa70f328d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 2609 start_va = 0x7ffa71010000 end_va = 0x7ffa7101afff monitored = 0 entry_point = 0x7ffa71011d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2610 start_va = 0x7ffa710e0000 end_va = 0x7ffa710f9fff monitored = 0 entry_point = 0x7ffa710e2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2611 start_va = 0x7ffa71100000 end_va = 0x7ffa71115fff monitored = 0 entry_point = 0x7ffa711019f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2612 start_va = 0x7ffa71170000 end_va = 0x7ffa7118cfff monitored = 0 entry_point = 0x7ffa71174f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 2613 start_va = 0x7ffa71200000 end_va = 0x7ffa71237fff monitored = 0 entry_point = 0x7ffa71218cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2614 start_va = 0x7ffa712e0000 end_va = 0x7ffa7138dfff monitored = 0 entry_point = 0x7ffa712f80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 2615 start_va = 0x7ffa71390000 end_va = 0x7ffa713a1fff monitored = 0 entry_point = 0x7ffa71399260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 2616 start_va = 0x7ffa713b0000 end_va = 0x7ffa71460fff monitored = 0 entry_point = 0x7ffa714288b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 2617 start_va = 0x7ffa71480000 end_va = 0x7ffa714a4fff monitored = 0 entry_point = 0x7ffa71492f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 2618 start_va = 0x7ffa714b0000 end_va = 0x7ffa714c0fff monitored = 0 entry_point = 0x7ffa714b7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 2619 start_va = 0x7ffa714d0000 end_va = 0x7ffa714e3fff monitored = 0 entry_point = 0x7ffa714d2d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2620 start_va = 0x7ffa71530000 end_va = 0x7ffa71565fff monitored = 0 entry_point = 0x7ffa715327f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 2621 start_va = 0x7ffa715c0000 end_va = 0x7ffa715e1fff monitored = 0 entry_point = 0x7ffa715d2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 2622 start_va = 0x7ffa715f0000 end_va = 0x7ffa716c4fff monitored = 0 entry_point = 0x7ffa7160cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2623 start_va = 0x7ffa717c0000 end_va = 0x7ffa717c7fff monitored = 0 entry_point = 0x7ffa717c13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 2624 start_va = 0x7ffa717d0000 end_va = 0x7ffa71862fff monitored = 0 entry_point = 0x7ffa717d9680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 2625 start_va = 0x7ffa71a90000 end_va = 0x7ffa71aa8fff monitored = 0 entry_point = 0x7ffa71a94520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2626 start_va = 0x7ffa71b60000 end_va = 0x7ffa71b79fff monitored = 0 entry_point = 0x7ffa71b62cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 2627 start_va = 0x7ffa71b80000 end_va = 0x7ffa71bd4fff monitored = 0 entry_point = 0x7ffa71b83fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2628 start_va = 0x7ffa71be0000 end_va = 0x7ffa71c16fff monitored = 0 entry_point = 0x7ffa71be6020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 2629 start_va = 0x7ffa71c20000 end_va = 0x7ffa71c3ffff monitored = 0 entry_point = 0x7ffa71c239a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 2630 start_va = 0x7ffa71ee0000 end_va = 0x7ffa71f20fff monitored = 0 entry_point = 0x7ffa71ee4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 2631 start_va = 0x7ffa72480000 end_va = 0x7ffa7248bfff monitored = 0 entry_point = 0x7ffa724814d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 2632 start_va = 0x7ffa724b0000 end_va = 0x7ffa724c6fff monitored = 0 entry_point = 0x7ffa724b5630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 2633 start_va = 0x7ffa724d0000 end_va = 0x7ffa72597fff monitored = 0 entry_point = 0x7ffa725113f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2634 start_va = 0x7ffa725a0000 end_va = 0x7ffa72600fff monitored = 0 entry_point = 0x7ffa725a4b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2635 start_va = 0x7ffa72610000 end_va = 0x7ffa7278bfff monitored = 0 entry_point = 0x7ffa72661650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 2636 start_va = 0x7ffa72950000 end_va = 0x7ffa72cd1fff monitored = 0 entry_point = 0x7ffa729a1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2637 start_va = 0x7ffa73dd0000 end_va = 0x7ffa73eddfff monitored = 0 entry_point = 0x7ffa73e1eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 2638 start_va = 0x7ffa741e0000 end_va = 0x7ffa741eafff monitored = 0 entry_point = 0x7ffa741e1770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 2639 start_va = 0x7ffa741f0000 end_va = 0x7ffa74202fff monitored = 0 entry_point = 0x7ffa741f57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 2640 start_va = 0x7ffa74210000 end_va = 0x7ffa74289fff monitored = 0 entry_point = 0x7ffa74237630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2641 start_va = 0x7ffa74290000 end_va = 0x7ffa743c5fff monitored = 0 entry_point = 0x7ffa742bf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2642 start_va = 0x7ffa743d0000 end_va = 0x7ffa744b5fff monitored = 0 entry_point = 0x7ffa743ecf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 2643 start_va = 0x7ffa744c0000 end_va = 0x7ffa744edfff monitored = 0 entry_point = 0x7ffa744c7550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 2644 start_va = 0x7ffa744f0000 end_va = 0x7ffa74505fff monitored = 0 entry_point = 0x7ffa744f1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2645 start_va = 0x7ffa74510000 end_va = 0x7ffa74573fff monitored = 0 entry_point = 0x7ffa74525ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2646 start_va = 0x7ffa747d0000 end_va = 0x7ffa74861fff monitored = 0 entry_point = 0x7ffa7481a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2647 start_va = 0x7ffa748f0000 end_va = 0x7ffa7492dfff monitored = 0 entry_point = 0x7ffa748fa050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2648 start_va = 0x7ffa74930000 end_va = 0x7ffa74956fff monitored = 0 entry_point = 0x7ffa74933bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 2649 start_va = 0x7ffa74970000 end_va = 0x7ffa7497efff monitored = 0 entry_point = 0x7ffa74974960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 2650 start_va = 0x7ffa74980000 end_va = 0x7ffa749d4fff monitored = 0 entry_point = 0x7ffa7498fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 2651 start_va = 0x7ffa749e0000 end_va = 0x7ffa749ecfff monitored = 0 entry_point = 0x7ffa749e2ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 2652 start_va = 0x7ffa749f0000 end_va = 0x7ffa74a1efff monitored = 0 entry_point = 0x7ffa749f8910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 2653 start_va = 0x7ffa74a40000 end_va = 0x7ffa74a52fff monitored = 0 entry_point = 0x7ffa74a41b10 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 2654 start_va = 0x7ffa74a70000 end_va = 0x7ffa74a7ffff monitored = 0 entry_point = 0x7ffa74a72c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 2655 start_va = 0x7ffa74a80000 end_va = 0x7ffa74aedfff monitored = 0 entry_point = 0x7ffa74a87f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 2656 start_va = 0x7ffa74af0000 end_va = 0x7ffa74b00fff monitored = 0 entry_point = 0x7ffa74af3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2657 start_va = 0x7ffa74b10000 end_va = 0x7ffa74b50fff monitored = 0 entry_point = 0x7ffa74b27eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 2658 start_va = 0x7ffa74b60000 end_va = 0x7ffa74c5bfff monitored = 0 entry_point = 0x7ffa74b96df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 2659 start_va = 0x7ffa74c90000 end_va = 0x7ffa74cb8fff monitored = 0 entry_point = 0x7ffa74c9ca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2660 start_va = 0x7ffa74cc0000 end_va = 0x7ffa74cf5fff monitored = 0 entry_point = 0x7ffa74cd0070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2661 start_va = 0x7ffa754c0000 end_va = 0x7ffa7557efff monitored = 0 entry_point = 0x7ffa754e1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2662 start_va = 0x7ffa75630000 end_va = 0x7ffa75639fff monitored = 0 entry_point = 0x7ffa75631660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2663 start_va = 0x7ffa75640000 end_va = 0x7ffa75657fff monitored = 0 entry_point = 0x7ffa75645910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2664 start_va = 0x7ffa75660000 end_va = 0x7ffa757acfff monitored = 0 entry_point = 0x7ffa756a3da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 2665 start_va = 0x7ffa76220000 end_va = 0x7ffa76298fff monitored = 0 entry_point = 0x7ffa7623fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2666 start_va = 0x7ffa763e0000 end_va = 0x7ffa763f1fff monitored = 0 entry_point = 0x7ffa763e1a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 2667 start_va = 0x7ffa76400000 end_va = 0x7ffa7641efff monitored = 0 entry_point = 0x7ffa76404960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 2668 start_va = 0x7ffa76420000 end_va = 0x7ffa76433fff monitored = 0 entry_point = 0x7ffa76422a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 2669 start_va = 0x7ffa76440000 end_va = 0x7ffa7644afff monitored = 0 entry_point = 0x7ffa76441de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 2670 start_va = 0x7ffa76450000 end_va = 0x7ffa768e2fff monitored = 0 entry_point = 0x7ffa7645f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2671 start_va = 0x7ffa768f0000 end_va = 0x7ffa76956fff monitored = 0 entry_point = 0x7ffa7690e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 2672 start_va = 0x7ffa769b0000 end_va = 0x7ffa769b7fff monitored = 0 entry_point = 0x7ffa769b13e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 2673 start_va = 0x7ffa769f0000 end_va = 0x7ffa76b75fff monitored = 0 entry_point = 0x7ffa76a3d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2674 start_va = 0x7ffa76b80000 end_va = 0x7ffa76b9bfff monitored = 0 entry_point = 0x7ffa76b837a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 2675 start_va = 0x7ffa76ba0000 end_va = 0x7ffa76bb7fff monitored = 0 entry_point = 0x7ffa76ba4290 region_type = mapped_file name = "elscore.dll" filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll") Region: id = 2676 start_va = 0x7ffa76bd0000 end_va = 0x7ffa76bdffff monitored = 0 entry_point = 0x7ffa76bd1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 2677 start_va = 0x7ffa76be0000 end_va = 0x7ffa76bf2fff monitored = 0 entry_point = 0x7ffa76be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2678 start_va = 0x7ffa76d50000 end_va = 0x7ffa76d8ffff monitored = 0 entry_point = 0x7ffa76d61960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 2679 start_va = 0x7ffa76e20000 end_va = 0x7ffa76eb5fff monitored = 0 entry_point = 0x7ffa76e45570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2680 start_va = 0x7ffa76ec0000 end_va = 0x7ffa76ee6fff monitored = 0 entry_point = 0x7ffa76ec7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2681 start_va = 0x7ffa76f10000 end_va = 0x7ffa76f1bfff monitored = 0 entry_point = 0x7ffa76f12480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 2682 start_va = 0x7ffa76fe0000 end_va = 0x7ffa77089fff monitored = 0 entry_point = 0x7ffa77007910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2683 start_va = 0x7ffa77090000 end_va = 0x7ffa7718ffff monitored = 0 entry_point = 0x7ffa770d0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2684 start_va = 0x7ffa77320000 end_va = 0x7ffa77351fff monitored = 0 entry_point = 0x7ffa77332340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2685 start_va = 0x7ffa77490000 end_va = 0x7ffa7749bfff monitored = 0 entry_point = 0x7ffa77492790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 2686 start_va = 0x7ffa774a0000 end_va = 0x7ffa774c3fff monitored = 0 entry_point = 0x7ffa774a3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2687 start_va = 0x7ffa77640000 end_va = 0x7ffa77733fff monitored = 0 entry_point = 0x7ffa7764a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2688 start_va = 0x7ffa77790000 end_va = 0x7ffa777d8fff monitored = 0 entry_point = 0x7ffa7779a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2689 start_va = 0x7ffa778b0000 end_va = 0x7ffa778bbfff monitored = 0 entry_point = 0x7ffa778b27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2690 start_va = 0x7ffa778f0000 end_va = 0x7ffa778fcfff monitored = 0 entry_point = 0x7ffa778f1fe0 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 2691 start_va = 0x7ffa77990000 end_va = 0x7ffa779c0fff monitored = 0 entry_point = 0x7ffa77997d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2692 start_va = 0x7ffa779f0000 end_va = 0x7ffa77a69fff monitored = 0 entry_point = 0x7ffa77a11a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2693 start_va = 0x7ffa77ab0000 end_va = 0x7ffa77ae3fff monitored = 0 entry_point = 0x7ffa77acae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2694 start_va = 0x7ffa77af0000 end_va = 0x7ffa77af9fff monitored = 0 entry_point = 0x7ffa77af1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2695 start_va = 0x7ffa77c00000 end_va = 0x7ffa77c1efff monitored = 0 entry_point = 0x7ffa77c05d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2696 start_va = 0x7ffa77d70000 end_va = 0x7ffa77dcbfff monitored = 0 entry_point = 0x7ffa77d86f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2697 start_va = 0x7ffa77e20000 end_va = 0x7ffa77e36fff monitored = 0 entry_point = 0x7ffa77e279d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2698 start_va = 0x7ffa77f40000 end_va = 0x7ffa77f4afff monitored = 0 entry_point = 0x7ffa77f419a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2699 start_va = 0x7ffa77f80000 end_va = 0x7ffa77fa0fff monitored = 0 entry_point = 0x7ffa77f90250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 2700 start_va = 0x7ffa77fd0000 end_va = 0x7ffa78009fff monitored = 0 entry_point = 0x7ffa77fd8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2701 start_va = 0x7ffa78010000 end_va = 0x7ffa78036fff monitored = 0 entry_point = 0x7ffa78020aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2702 start_va = 0x7ffa78120000 end_va = 0x7ffa7814cfff monitored = 0 entry_point = 0x7ffa78139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2703 start_va = 0x7ffa782b0000 end_va = 0x7ffa78305fff monitored = 0 entry_point = 0x7ffa782c0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2704 start_va = 0x7ffa78310000 end_va = 0x7ffa78328fff monitored = 0 entry_point = 0x7ffa78315e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2705 start_va = 0x7ffa78330000 end_va = 0x7ffa78358fff monitored = 0 entry_point = 0x7ffa78344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2706 start_va = 0x7ffa78360000 end_va = 0x7ffa783f8fff monitored = 0 entry_point = 0x7ffa7838f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2707 start_va = 0x7ffa784a0000 end_va = 0x7ffa784b3fff monitored = 0 entry_point = 0x7ffa784a52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2708 start_va = 0x7ffa784c0000 end_va = 0x7ffa784cffff monitored = 0 entry_point = 0x7ffa784c56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2709 start_va = 0x7ffa784d0000 end_va = 0x7ffa784defff monitored = 0 entry_point = 0x7ffa784d3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2710 start_va = 0x7ffa784e0000 end_va = 0x7ffa7852afff monitored = 0 entry_point = 0x7ffa784e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2711 start_va = 0x7ffa78530000 end_va = 0x7ffa785e4fff monitored = 0 entry_point = 0x7ffa785722e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2712 start_va = 0x7ffa785f0000 end_va = 0x7ffa78644fff monitored = 0 entry_point = 0x7ffa78607970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2713 start_va = 0x7ffa78650000 end_va = 0x7ffa786b9fff monitored = 0 entry_point = 0x7ffa78686d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2714 start_va = 0x7ffa786c0000 end_va = 0x7ffa78702fff monitored = 0 entry_point = 0x7ffa786d4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2715 start_va = 0x7ffa78710000 end_va = 0x7ffa78726fff monitored = 0 entry_point = 0x7ffa78711390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2716 start_va = 0x7ffa78730000 end_va = 0x7ffa788f6fff monitored = 0 entry_point = 0x7ffa7878db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2717 start_va = 0x7ffa789b0000 end_va = 0x7ffa78b97fff monitored = 0 entry_point = 0x7ffa789dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2718 start_va = 0x7ffa78ba0000 end_va = 0x7ffa791e3fff monitored = 0 entry_point = 0x7ffa78d664b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2719 start_va = 0x7ffa791f0000 end_va = 0x7ffa79275fff monitored = 0 entry_point = 0x7ffa791fd8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2720 start_va = 0x7ffa79390000 end_va = 0x7ffa7942cfff monitored = 0 entry_point = 0x7ffa793978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2721 start_va = 0x7ffa79430000 end_va = 0x7ffa7a98efff monitored = 0 entry_point = 0x7ffa795911f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2722 start_va = 0x7ffa7a9a0000 end_va = 0x7ffa7aa4cfff monitored = 0 entry_point = 0x7ffa7a9b81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2723 start_va = 0x7ffa7aa50000 end_va = 0x7ffa7ab6bfff monitored = 0 entry_point = 0x7ffa7aa902b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2724 start_va = 0x7ffa7abc0000 end_va = 0x7ffa7ad15fff monitored = 0 entry_point = 0x7ffa7abca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2725 start_va = 0x7ffa7ad20000 end_va = 0x7ffa7ad7afff monitored = 0 entry_point = 0x7ffa7ad338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2726 start_va = 0x7ffa7ad80000 end_va = 0x7ffa7b1a8fff monitored = 0 entry_point = 0x7ffa7ada8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2727 start_va = 0x7ffa7b220000 end_va = 0x7ffa7b271fff monitored = 0 entry_point = 0x7ffa7b22f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2728 start_va = 0x7ffa7b280000 end_va = 0x7ffa7b287fff monitored = 0 entry_point = 0x7ffa7b281ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2729 start_va = 0x7ffa7b290000 end_va = 0x7ffa7b3d2fff monitored = 0 entry_point = 0x7ffa7b2b8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2730 start_va = 0x7ffa7b540000 end_va = 0x7ffa7b5aafff monitored = 0 entry_point = 0x7ffa7b5590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2731 start_va = 0x7ffa7b5b0000 end_va = 0x7ffa7b60bfff monitored = 0 entry_point = 0x7ffa7b5cb720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2732 start_va = 0x7ffa7b7c0000 end_va = 0x7ffa7b866fff monitored = 0 entry_point = 0x7ffa7b7cb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2733 start_va = 0x7ffa7b8d0000 end_va = 0x7ffa7bb4cfff monitored = 0 entry_point = 0x7ffa7b9a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2734 start_va = 0x7ffa7bb50000 end_va = 0x7ffa7bcd5fff monitored = 0 entry_point = 0x7ffa7bb9ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2735 start_va = 0x7ffa7bd00000 end_va = 0x7ffa7bdc0fff monitored = 0 entry_point = 0x7ffa7bd20da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2736 start_va = 0x7ffa7bdd0000 end_va = 0x7ffa7be76fff monitored = 0 entry_point = 0x7ffa7bde58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2737 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2830 start_va = 0x28615d50000 end_va = 0x28615d50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 2852 start_va = 0x28615d50000 end_va = 0x28615d57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 2855 start_va = 0x28615d50000 end_va = 0x28615d55fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3479 start_va = 0x28615d50000 end_va = 0x28615d52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3528 start_va = 0x28615d50000 end_va = 0x28615d52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3529 start_va = 0x28615d50000 end_va = 0x28615d57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3531 start_va = 0x28615d50000 end_va = 0x28615d55fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3532 start_va = 0x28615d50000 end_va = 0x28615d52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3618 start_va = 0x28615da0000 end_va = 0x28615da1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615da0000" filename = "" Region: id = 3619 start_va = 0x28615d50000 end_va = 0x28615d50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000028615d50000" filename = "" Region: id = 3675 start_va = 0x7ffa76bb0000 end_va = 0x7ffa76bb8fff monitored = 0 entry_point = 0x7ffa76bb1420 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Thread: id = 15 os_tid = 0x12b8 Thread: id = 16 os_tid = 0x12a0 Thread: id = 17 os_tid = 0x12c0 Thread: id = 18 os_tid = 0x12b4 Thread: id = 19 os_tid = 0x11f0 Thread: id = 20 os_tid = 0xf74 Thread: id = 21 os_tid = 0x1070 Thread: id = 22 os_tid = 0xe00 Thread: id = 23 os_tid = 0x380 Thread: id = 24 os_tid = 0x5ec Thread: id = 25 os_tid = 0x8b0 Thread: id = 26 os_tid = 0xa88 Thread: id = 27 os_tid = 0xa84 Thread: id = 28 os_tid = 0xae8 Thread: id = 29 os_tid = 0x8dc Thread: id = 30 os_tid = 0x6d4 Thread: id = 31 os_tid = 0x7cc Thread: id = 32 os_tid = 0x610 Thread: id = 33 os_tid = 0x5d4 Thread: id = 34 os_tid = 0xb34 Thread: id = 35 os_tid = 0x5a4 Thread: id = 36 os_tid = 0xb9c Thread: id = 37 os_tid = 0x894 Thread: id = 38 os_tid = 0x500 Thread: id = 39 os_tid = 0x7e0 Thread: id = 40 os_tid = 0x188 Thread: id = 41 os_tid = 0x4ac Thread: id = 42 os_tid = 0x570 Thread: id = 43 os_tid = 0x14c Thread: id = 44 os_tid = 0x338 Thread: id = 45 os_tid = 0x9ec Thread: id = 46 os_tid = 0x498 Thread: id = 47 os_tid = 0x618 Thread: id = 48 os_tid = 0x3b0 Thread: id = 49 os_tid = 0x2c0 Thread: id = 50 os_tid = 0x4e0 Thread: id = 51 os_tid = 0x714 Thread: id = 52 os_tid = 0x250 Thread: id = 53 os_tid = 0x6b4 Thread: id = 54 os_tid = 0xa2c Thread: id = 55 os_tid = 0x62c Thread: id = 56 os_tid = 0xb44 Thread: id = 57 os_tid = 0xb3c Thread: id = 58 os_tid = 0xa28 Thread: id = 59 os_tid = 0x374 Thread: id = 60 os_tid = 0x3ac Thread: id = 61 os_tid = 0xb78 Thread: id = 62 os_tid = 0x308 Thread: id = 63 os_tid = 0xb28 Thread: id = 64 os_tid = 0xb30 Thread: id = 65 os_tid = 0xb38 Thread: id = 66 os_tid = 0xb24 Thread: id = 67 os_tid = 0x93c Thread: id = 68 os_tid = 0x840 Thread: id = 69 os_tid = 0x814 Thread: id = 70 os_tid = 0x52c Thread: id = 71 os_tid = 0x504 Thread: id = 72 os_tid = 0x520 Thread: id = 73 os_tid = 0x760 Thread: id = 74 os_tid = 0x55c Thread: id = 75 os_tid = 0x494 Thread: id = 76 os_tid = 0x7bc Thread: id = 77 os_tid = 0x7ac Thread: id = 78 os_tid = 0x778 Thread: id = 79 os_tid = 0x734 Thread: id = 80 os_tid = 0x704 Thread: id = 81 os_tid = 0x44c Thread: id = 82 os_tid = 0x66c Thread: id = 83 os_tid = 0x49c Thread: id = 84 os_tid = 0x408 Thread: id = 85 os_tid = 0x2cc Thread: id = 86 os_tid = 0x280 Thread: id = 87 os_tid = 0x25c Thread: id = 88 os_tid = 0x178 Thread: id = 89 os_tid = 0x158 Thread: id = 90 os_tid = 0x148 Thread: id = 91 os_tid = 0x128 Thread: id = 92 os_tid = 0x124 Thread: id = 93 os_tid = 0x3f8 Thread: id = 94 os_tid = 0x3f4 Thread: id = 95 os_tid = 0x3f0 Thread: id = 96 os_tid = 0x3c0 Thread: id = 97 os_tid = 0x35c Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x125c6000" os_pid = "0x1184" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x270" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0005a562" [0xc000000f] Region: id = 2740 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2741 start_va = 0xe35b8e0000 end_va = 0xe35b95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35b8e0000" filename = "" Region: id = 2742 start_va = 0xe35ba00000 end_va = 0xe35bbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35ba00000" filename = "" Region: id = 2743 start_va = 0xe35bc00000 end_va = 0xe35bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35bc00000" filename = "" Region: id = 2744 start_va = 0xe35bc80000 end_va = 0xe35bcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35bc80000" filename = "" Region: id = 2745 start_va = 0xe35bd00000 end_va = 0xe35bd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35bd00000" filename = "" Region: id = 2746 start_va = 0xe35bd80000 end_va = 0xe35bdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35bd80000" filename = "" Region: id = 2747 start_va = 0xe35be00000 end_va = 0xe35be7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35be00000" filename = "" Region: id = 2748 start_va = 0xe35be80000 end_va = 0xe35befffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35be80000" filename = "" Region: id = 2749 start_va = 0xe35bf00000 end_va = 0xe35bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35bf00000" filename = "" Region: id = 2750 start_va = 0xe35bf80000 end_va = 0xe35bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e35bf80000" filename = "" Region: id = 2751 start_va = 0x2e29dae0000 end_va = 0x2e29daeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dae0000" filename = "" Region: id = 2752 start_va = 0x2e29daf0000 end_va = 0x2e29daf6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29daf0000" filename = "" Region: id = 2753 start_va = 0x2e29db00000 end_va = 0x2e29db14fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29db00000" filename = "" Region: id = 2754 start_va = 0x2e29db20000 end_va = 0x2e29db23fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29db20000" filename = "" Region: id = 2755 start_va = 0x2e29db30000 end_va = 0x2e29db30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29db30000" filename = "" Region: id = 2756 start_va = 0x2e29db40000 end_va = 0x2e29db41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29db40000" filename = "" Region: id = 2757 start_va = 0x2e29db50000 end_va = 0x2e29dc0dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2758 start_va = 0x2e29dc10000 end_va = 0x2e29dc16fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29dc10000" filename = "" Region: id = 2759 start_va = 0x2e29dc20000 end_va = 0x2e29dc20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29dc20000" filename = "" Region: id = 2760 start_va = 0x2e29dc30000 end_va = 0x2e29dc30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29dc30000" filename = "" Region: id = 2761 start_va = 0x2e29dc40000 end_va = 0x2e29dd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29dc40000" filename = "" Region: id = 2762 start_va = 0x2e29dd40000 end_va = 0x2e29dd44fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2763 start_va = 0x2e29dd50000 end_va = 0x2e29dd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dd50000" filename = "" Region: id = 2764 start_va = 0x2e29dd60000 end_va = 0x2e29dd60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dd60000" filename = "" Region: id = 2765 start_va = 0x2e29dd70000 end_va = 0x2e29dd70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dd70000" filename = "" Region: id = 2766 start_va = 0x2e29dd80000 end_va = 0x2e29dd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 2767 start_va = 0x2e29dda0000 end_va = 0x2e29dda2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 2768 start_va = 0x2e29ddd0000 end_va = 0x2e29ddd2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 2769 start_va = 0x2e29dde0000 end_va = 0x2e29ddeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29dde0000" filename = "" Region: id = 2770 start_va = 0x2e29ddf0000 end_va = 0x2e29e126fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2771 start_va = 0x2e29e130000 end_va = 0x2e29e2b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29e130000" filename = "" Region: id = 2772 start_va = 0x2e29e2c0000 end_va = 0x2e29e440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29e2c0000" filename = "" Region: id = 2773 start_va = 0x2e29e450000 end_va = 0x2e29e50ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29e450000" filename = "" Region: id = 2774 start_va = 0x2e29e510000 end_va = 0x2e29e60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29e510000" filename = "" Region: id = 2775 start_va = 0x2e29e610000 end_va = 0x2e29e70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29e610000" filename = "" Region: id = 2776 start_va = 0x7df5ff950000 end_va = 0x7ff5ff94ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff950000" filename = "" Region: id = 2777 start_va = 0x7ff7ce100000 end_va = 0x7ff7ce1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7ce100000" filename = "" Region: id = 2778 start_va = 0x7ff7ce200000 end_va = 0x7ff7ce222fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7ce200000" filename = "" Region: id = 2779 start_va = 0x7ff7ceb30000 end_va = 0x7ff7cebaffff monitored = 0 entry_point = 0x7ff7ceb45f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2780 start_va = 0x7ffa5f360000 end_va = 0x7ffa5f52efff monitored = 1 entry_point = 0x7ffa5f387df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 2781 start_va = 0x7ffa63b50000 end_va = 0x7ffa63b9dfff monitored = 0 entry_point = 0x7ffa63b61ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2782 start_va = 0x7ffa6b3c0000 end_va = 0x7ffa6b3d5fff monitored = 0 entry_point = 0x7ffa6b3c55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2783 start_va = 0x7ffa6b700000 end_va = 0x7ffa6b724fff monitored = 0 entry_point = 0x7ffa6b709900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2784 start_va = 0x7ffa6b730000 end_va = 0x7ffa6b743fff monitored = 0 entry_point = 0x7ffa6b731800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2785 start_va = 0x7ffa6b750000 end_va = 0x7ffa6b845fff monitored = 0 entry_point = 0x7ffa6b789590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2786 start_va = 0x7ffa6c480000 end_va = 0x7ffa6c4a5fff monitored = 0 entry_point = 0x7ffa6c481cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2787 start_va = 0x7ffa6d6d0000 end_va = 0x7ffa6d6e0fff monitored = 0 entry_point = 0x7ffa6d6d2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2788 start_va = 0x7ffa6de20000 end_va = 0x7ffa6de2dfff monitored = 0 entry_point = 0x7ffa6de21da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 2789 start_va = 0x7ffa6df40000 end_va = 0x7ffa6df4bfff monitored = 0 entry_point = 0x7ffa6df435c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2790 start_va = 0x7ffa6f330000 end_va = 0x7ffa6f3aefff monitored = 1 entry_point = 0x7ffa6f347110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2791 start_va = 0x7ffa708c0000 end_va = 0x7ffa708d1fff monitored = 0 entry_point = 0x7ffa708c3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2792 start_va = 0x7ffa71790000 end_va = 0x7ffa7179afff monitored = 0 entry_point = 0x7ffa717912b0 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 2793 start_va = 0x7ffa717a0000 end_va = 0x7ffa717b3fff monitored = 0 entry_point = 0x7ffa717a1310 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 2794 start_va = 0x7ffa71a90000 end_va = 0x7ffa71aa8fff monitored = 0 entry_point = 0x7ffa71a94520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2795 start_va = 0x7ffa744f0000 end_va = 0x7ffa74505fff monitored = 0 entry_point = 0x7ffa744f1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2796 start_va = 0x7ffa748f0000 end_va = 0x7ffa7492dfff monitored = 0 entry_point = 0x7ffa748fa050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2797 start_va = 0x7ffa74af0000 end_va = 0x7ffa74b00fff monitored = 0 entry_point = 0x7ffa74af3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2798 start_va = 0x7ffa75630000 end_va = 0x7ffa75639fff monitored = 0 entry_point = 0x7ffa75631660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2799 start_va = 0x7ffa76be0000 end_va = 0x7ffa76bf2fff monitored = 0 entry_point = 0x7ffa76be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2800 start_va = 0x7ffa76ec0000 end_va = 0x7ffa76ee6fff monitored = 0 entry_point = 0x7ffa76ec7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2801 start_va = 0x7ffa778b0000 end_va = 0x7ffa778bbfff monitored = 0 entry_point = 0x7ffa778b27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2802 start_va = 0x7ffa779f0000 end_va = 0x7ffa77a69fff monitored = 0 entry_point = 0x7ffa77a11a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2803 start_va = 0x7ffa78120000 end_va = 0x7ffa7814cfff monitored = 0 entry_point = 0x7ffa78139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2804 start_va = 0x7ffa782b0000 end_va = 0x7ffa78305fff monitored = 0 entry_point = 0x7ffa782c0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2805 start_va = 0x7ffa78330000 end_va = 0x7ffa78358fff monitored = 0 entry_point = 0x7ffa78344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2806 start_va = 0x7ffa784c0000 end_va = 0x7ffa784cffff monitored = 0 entry_point = 0x7ffa784c56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2807 start_va = 0x7ffa784d0000 end_va = 0x7ffa784defff monitored = 0 entry_point = 0x7ffa784d3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2808 start_va = 0x7ffa784e0000 end_va = 0x7ffa7852afff monitored = 0 entry_point = 0x7ffa784e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2809 start_va = 0x7ffa78650000 end_va = 0x7ffa786b9fff monitored = 0 entry_point = 0x7ffa78686d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2810 start_va = 0x7ffa786c0000 end_va = 0x7ffa78702fff monitored = 0 entry_point = 0x7ffa786d4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2811 start_va = 0x7ffa78710000 end_va = 0x7ffa78726fff monitored = 0 entry_point = 0x7ffa78711390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2812 start_va = 0x7ffa78730000 end_va = 0x7ffa788f6fff monitored = 0 entry_point = 0x7ffa7878db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2813 start_va = 0x7ffa789b0000 end_va = 0x7ffa78b97fff monitored = 0 entry_point = 0x7ffa789dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2814 start_va = 0x7ffa79390000 end_va = 0x7ffa7942cfff monitored = 0 entry_point = 0x7ffa793978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2815 start_va = 0x7ffa7a9a0000 end_va = 0x7ffa7aa4cfff monitored = 0 entry_point = 0x7ffa7a9b81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2816 start_va = 0x7ffa7aa50000 end_va = 0x7ffa7ab6bfff monitored = 0 entry_point = 0x7ffa7aa902b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2817 start_va = 0x7ffa7abc0000 end_va = 0x7ffa7ad15fff monitored = 0 entry_point = 0x7ffa7abca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2818 start_va = 0x7ffa7ad20000 end_va = 0x7ffa7ad7afff monitored = 0 entry_point = 0x7ffa7ad338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2819 start_va = 0x7ffa7b540000 end_va = 0x7ffa7b5aafff monitored = 0 entry_point = 0x7ffa7b5590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2820 start_va = 0x7ffa7b7c0000 end_va = 0x7ffa7b866fff monitored = 0 entry_point = 0x7ffa7b7cb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2821 start_va = 0x7ffa7b8d0000 end_va = 0x7ffa7bb4cfff monitored = 0 entry_point = 0x7ffa7b9a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2822 start_va = 0x7ffa7bb50000 end_va = 0x7ffa7bcd5fff monitored = 0 entry_point = 0x7ffa7bb9ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2823 start_va = 0x7ffa7bd00000 end_va = 0x7ffa7bdc0fff monitored = 0 entry_point = 0x7ffa7bd20da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2824 start_va = 0x7ffa7bdd0000 end_va = 0x7ffa7be76fff monitored = 0 entry_point = 0x7ffa7bde58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2825 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2851 start_va = 0x2e29dd80000 end_va = 0x2e29dd82fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dd80000" filename = "" Region: id = 2854 start_va = 0x2e29dd90000 end_va = 0x2e29dd97fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dd90000" filename = "" Region: id = 2856 start_va = 0x2e29dda0000 end_va = 0x2e29dda5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29dda0000" filename = "" Region: id = 2859 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002e29ddb0000" filename = "" Region: id = 2860 start_va = 0x2e29e710000 end_va = 0x2e29e80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29e710000" filename = "" Region: id = 2861 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2862 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2863 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2864 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2865 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2866 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2867 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2868 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2869 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc9fff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2870 start_va = 0x2e29e810000 end_va = 0x2e29e815fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2871 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc9fff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2872 start_va = 0x2e29e810000 end_va = 0x2e29e815fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2873 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 2874 start_va = 0x2e29e810000 end_va = 0x2e29e8cbfff monitored = 0 entry_point = 0x2e29e84c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 2875 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 2876 start_va = 0x2e29e810000 end_va = 0x2e29e8cbfff monitored = 0 entry_point = 0x2e29e84c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 2877 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2878 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2879 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2880 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2881 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2882 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2883 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2884 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2885 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2886 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2887 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2888 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2889 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2890 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2891 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2892 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2893 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2894 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2895 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2896 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2897 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2898 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2899 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2900 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2901 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2902 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2903 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2904 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2905 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2906 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2907 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2908 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2909 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2910 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2911 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2912 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2913 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2914 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2915 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2916 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2917 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2918 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2919 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2920 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2921 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2922 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2923 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2924 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2925 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2926 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2927 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2928 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2929 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2930 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2931 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2932 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2933 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2934 start_va = 0x2e29e810000 end_va = 0x2e29e869fff monitored = 0 entry_point = 0x2e29e855b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2935 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2936 start_va = 0x2e29e810000 end_va = 0x2e29e869fff monitored = 0 entry_point = 0x2e29e855b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2937 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2938 start_va = 0x2e29e810000 end_va = 0x2e29e8f1fff monitored = 0 entry_point = 0x2e29e86d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2939 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2940 start_va = 0x2e29e810000 end_va = 0x2e29e8f1fff monitored = 0 entry_point = 0x2e29e86d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2941 start_va = 0x2e29e810000 end_va = 0x2e29e8f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2942 start_va = 0x2e29e900000 end_va = 0x2e29e928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2943 start_va = 0x2e29e810000 end_va = 0x2e29e8f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2944 start_va = 0x2e29e900000 end_va = 0x2e29e928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2945 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 2946 start_va = 0x2e29e810000 end_va = 0x2e29e8a2fff monitored = 0 entry_point = 0x2e29e889000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 2947 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 2948 start_va = 0x2e29e810000 end_va = 0x2e29e8a2fff monitored = 0 entry_point = 0x2e29e889000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 2949 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 2950 start_va = 0x2e29e810000 end_va = 0x2e29e8b0fff monitored = 0 entry_point = 0x2e29e8a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 2951 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 2952 start_va = 0x2e29e810000 end_va = 0x2e29e8b0fff monitored = 0 entry_point = 0x2e29e8a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 2953 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2954 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2955 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2956 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2957 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2958 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2959 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2960 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2961 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2962 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2963 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2964 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2965 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2966 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2967 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2968 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2969 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2970 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2971 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2972 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2973 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2974 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2975 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2976 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2977 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2978 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2979 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2980 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2981 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2982 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2983 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2984 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2985 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2986 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2987 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2988 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2989 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2990 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2991 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2992 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2993 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbefff monitored = 0 entry_point = 0x2e29ddb36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 2994 start_va = 0x2e29ddc0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 2995 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbefff monitored = 0 entry_point = 0x2e29ddb36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 2996 start_va = 0x2e29ddc0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 2997 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2998 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2999 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3000 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3001 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3002 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3003 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3004 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3005 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3006 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3007 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3008 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3009 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3010 start_va = 0x2e29e810000 end_va = 0x2e29e91efff monitored = 0 entry_point = 0x2e29e84c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3011 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3012 start_va = 0x2e29e810000 end_va = 0x2e29e91efff monitored = 0 entry_point = 0x2e29e84c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3013 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3014 start_va = 0x2e29e810000 end_va = 0x2e29e811fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3015 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3016 start_va = 0x2e29e810000 end_va = 0x2e29e811fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3017 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3018 start_va = 0x2e29e810000 end_va = 0x2e29e811fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3019 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3020 start_va = 0x2e29e810000 end_va = 0x2e29e811fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3021 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3022 start_va = 0x2e29e810000 end_va = 0x2e29ea66fff monitored = 0 entry_point = 0x2e29ea1ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3023 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3024 start_va = 0x2e29e810000 end_va = 0x2e29ea66fff monitored = 0 entry_point = 0x2e29ea1ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3025 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3026 start_va = 0x2e29e810000 end_va = 0x2e29e920fff monitored = 0 entry_point = 0x2e29e901bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3027 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3028 start_va = 0x2e29e810000 end_va = 0x2e29e920fff monitored = 0 entry_point = 0x2e29e901bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3029 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3030 start_va = 0x2e29e810000 end_va = 0x2e29e920fff monitored = 0 entry_point = 0x2e29e901bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3031 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3032 start_va = 0x2e29e810000 end_va = 0x2e29e920fff monitored = 0 entry_point = 0x2e29e901bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3033 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3034 start_va = 0x2e29e810000 end_va = 0x2e29e920fff monitored = 0 entry_point = 0x2e29e901bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3035 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3036 start_va = 0x2e29e810000 end_va = 0x2e29e920fff monitored = 0 entry_point = 0x2e29e901bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3037 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3038 start_va = 0x2e29ddc0000 end_va = 0x2e29ddcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3039 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3040 start_va = 0x2e29ddc0000 end_va = 0x2e29ddcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3041 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3042 start_va = 0x2e29e810000 end_va = 0x2e29ec17fff monitored = 0 entry_point = 0x2e29e8de3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3043 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3044 start_va = 0x2e29e810000 end_va = 0x2e29ec17fff monitored = 0 entry_point = 0x2e29e8de3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3045 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3046 start_va = 0x2e29e810000 end_va = 0x2e29ec17fff monitored = 0 entry_point = 0x2e29e8de3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3047 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3048 start_va = 0x2e29e810000 end_va = 0x2e29ec17fff monitored = 0 entry_point = 0x2e29e8de3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3049 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3050 start_va = 0x2e29e810000 end_va = 0x2e29e8befff monitored = 0 entry_point = 0x2e29e887000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3051 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3052 start_va = 0x2e29e810000 end_va = 0x2e29e8befff monitored = 0 entry_point = 0x2e29e887000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3053 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3054 start_va = 0x2e29e810000 end_va = 0x2e29e8befff monitored = 0 entry_point = 0x2e29e887000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3055 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3056 start_va = 0x2e29e810000 end_va = 0x2e29e8befff monitored = 0 entry_point = 0x2e29e887000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3057 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3058 start_va = 0x2e29e810000 end_va = 0x2e29e8befff monitored = 0 entry_point = 0x2e29e887000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3059 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3060 start_va = 0x2e29e810000 end_va = 0x2e29e8befff monitored = 0 entry_point = 0x2e29e887000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3061 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3062 start_va = 0x2e29e810000 end_va = 0x2e29e8e4fff monitored = 0 entry_point = 0x2e29e83e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3063 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3064 start_va = 0x2e29e810000 end_va = 0x2e29e8e4fff monitored = 0 entry_point = 0x2e29e83e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3065 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3066 start_va = 0x2e29e810000 end_va = 0x2e29e870fff monitored = 0 entry_point = 0x2e29e820770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3067 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3068 start_va = 0x2e29e810000 end_va = 0x2e29e870fff monitored = 0 entry_point = 0x2e29e820770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3069 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3070 start_va = 0x2e29e810000 end_va = 0x2e29e870fff monitored = 0 entry_point = 0x2e29e820770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3071 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3072 start_va = 0x2e29e810000 end_va = 0x2e29e870fff monitored = 0 entry_point = 0x2e29e820770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3073 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3074 start_va = 0x2e29e810000 end_va = 0x2e29e870fff monitored = 0 entry_point = 0x2e29e820770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3075 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3076 start_va = 0x2e29e810000 end_va = 0x2e29e870fff monitored = 0 entry_point = 0x2e29e820770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3077 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3078 start_va = 0x2e29e810000 end_va = 0x2e29e857fff monitored = 0 entry_point = 0x2e29e84acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3079 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3080 start_va = 0x2e29e810000 end_va = 0x2e29e857fff monitored = 0 entry_point = 0x2e29e84acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3081 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3082 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3083 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3084 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3085 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3086 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3087 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3088 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3089 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3090 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3091 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3092 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3093 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3094 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3095 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3096 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3097 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3098 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3099 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3100 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3101 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3102 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3103 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3104 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3105 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3106 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3107 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3108 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3109 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3110 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3111 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3112 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3113 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3114 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3115 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3116 start_va = 0x2e29e810000 end_va = 0x2e29e92ffff monitored = 0 entry_point = 0x2e29e90c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3117 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3118 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3119 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3120 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3121 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3122 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3123 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3124 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3125 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3126 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3127 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3128 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3129 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3130 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3131 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3132 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3133 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3134 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3135 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3136 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3137 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3138 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3139 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3140 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3141 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3142 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3143 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3144 start_va = 0x2e29e810000 end_va = 0x2e29e820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3145 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3146 start_va = 0x2e29e810000 end_va = 0x2e29e881fff monitored = 0 entry_point = 0x2e29e867000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3147 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3148 start_va = 0x2e29e810000 end_va = 0x2e29e881fff monitored = 0 entry_point = 0x2e29e867000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3149 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc8fff monitored = 0 entry_point = 0x2e29ddbb610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 3150 start_va = 0x2e29e810000 end_va = 0x2e29e815fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 3151 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc8fff monitored = 0 entry_point = 0x2e29ddbb610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 3152 start_va = 0x2e29e810000 end_va = 0x2e29e815fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 3153 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3154 start_va = 0x2e29e810000 end_va = 0x2e29e9f8fff monitored = 0 entry_point = 0x2e29e8115f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3155 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3156 start_va = 0x2e29e810000 end_va = 0x2e29e9f8fff monitored = 0 entry_point = 0x2e29e8115f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3157 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3158 start_va = 0x2e29e810000 end_va = 0x2e29e869fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3159 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3160 start_va = 0x2e29e810000 end_va = 0x2e29e869fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3161 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 3162 start_va = 0x2e29e810000 end_va = 0x2e29e8effff monitored = 0 entry_point = 0x2e29e8a2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 3163 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 3164 start_va = 0x2e29e810000 end_va = 0x2e29e8effff monitored = 0 entry_point = 0x2e29e8a2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 3165 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3166 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3167 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3168 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3169 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3170 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3171 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddc0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3172 start_va = 0x2e29e810000 end_va = 0x2e29e812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3173 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc9fff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3174 start_va = 0x2e29e810000 end_va = 0x2e29e815fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3175 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc9fff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3176 start_va = 0x2e29e810000 end_va = 0x2e29e815fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3177 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 3178 start_va = 0x2e29e810000 end_va = 0x2e29e8cbfff monitored = 0 entry_point = 0x2e29e84c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 3179 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 3180 start_va = 0x2e29e810000 end_va = 0x2e29e8cbfff monitored = 0 entry_point = 0x2e29e84c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 3181 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3182 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3183 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3184 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3185 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3186 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3187 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3188 start_va = 0x2e29e810000 end_va = 0x2e29e83afff monitored = 0 entry_point = 0x2e29e82d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3189 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3190 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3191 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3192 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3193 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3194 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3195 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3196 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3197 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3198 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3199 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3200 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3201 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3202 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3203 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3204 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3205 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3206 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3207 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3208 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3209 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3210 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3211 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3212 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3213 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3214 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3215 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3216 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3217 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3218 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3219 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3220 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3221 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3222 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3223 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3224 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3225 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3226 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3227 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3228 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3229 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3230 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3231 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3232 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3233 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3234 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3235 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3236 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3237 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3238 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3239 start_va = 0x2e29ddb0000 end_va = 0x2e29ddccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3240 start_va = 0x2e29e810000 end_va = 0x2e29e876fff monitored = 0 entry_point = 0x2e29e8163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3241 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3242 start_va = 0x2e29e810000 end_va = 0x2e29e869fff monitored = 0 entry_point = 0x2e29e855b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3243 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3244 start_va = 0x2e29e810000 end_va = 0x2e29e869fff monitored = 0 entry_point = 0x2e29e855b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3245 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3246 start_va = 0x2e29e810000 end_va = 0x2e29e8f1fff monitored = 0 entry_point = 0x2e29e86d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3247 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3248 start_va = 0x2e29e810000 end_va = 0x2e29e8f1fff monitored = 0 entry_point = 0x2e29e86d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3249 start_va = 0x2e29e810000 end_va = 0x2e29e8f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3250 start_va = 0x2e29e900000 end_va = 0x2e29e928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3251 start_va = 0x2e29e810000 end_va = 0x2e29e8f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3252 start_va = 0x2e29e900000 end_va = 0x2e29e928fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3253 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 3254 start_va = 0x2e29e810000 end_va = 0x2e29e8a2fff monitored = 0 entry_point = 0x2e29e889000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 3255 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 3256 start_va = 0x2e29e810000 end_va = 0x2e29e8a2fff monitored = 0 entry_point = 0x2e29e889000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 3257 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 3258 start_va = 0x2e29e810000 end_va = 0x2e29e8b0fff monitored = 0 entry_point = 0x2e29e8a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 3259 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 3260 start_va = 0x2e29e810000 end_va = 0x2e29e8b0fff monitored = 0 entry_point = 0x2e29e8a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 3261 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3262 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3263 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3264 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3265 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3266 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3267 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3268 start_va = 0x2e29e810000 end_va = 0x2e29e895fff monitored = 0 entry_point = 0x2e29e881000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3269 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3270 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3271 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3272 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3273 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3274 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3275 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3276 start_va = 0x2e29e810000 end_va = 0x2e29e8c7fff monitored = 0 entry_point = 0x2e29e811d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3277 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3278 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3279 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3280 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3281 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3282 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3283 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3284 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3285 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3286 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3287 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3288 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3289 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3290 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3291 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3292 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3293 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3294 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3295 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3296 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3297 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3298 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3299 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3300 start_va = 0x2e29e810000 end_va = 0x2e29e902fff monitored = 0 entry_point = 0x2e29e835d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3301 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbefff monitored = 0 entry_point = 0x2e29ddb36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 3302 start_va = 0x2e29ddc0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 3303 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3304 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3305 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3306 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3307 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3308 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3309 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3310 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3311 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3312 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3313 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3314 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3315 start_va = 0x2e29ddb0000 end_va = 0x2e29ddcafff monitored = 1 entry_point = 0x2e29ddb1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3316 start_va = 0x2e29e810000 end_va = 0x2e29e81bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3317 start_va = 0x2e29e810000 end_va = 0x2e29ea0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002e29e810000" filename = "" Region: id = 3318 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3319 start_va = 0x2e29ea10000 end_va = 0x2e29eb1efff monitored = 0 entry_point = 0x2e29ea4c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3320 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3321 start_va = 0x2e29ea10000 end_va = 0x2e29eb1efff monitored = 0 entry_point = 0x2e29ea4c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3322 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3323 start_va = 0x2e29ea10000 end_va = 0x2e29ea11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3324 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3325 start_va = 0x2e29ea10000 end_va = 0x2e29ea11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3326 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3327 start_va = 0x2e29ea10000 end_va = 0x2e29ea11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3328 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc5fff monitored = 0 entry_point = 0x2e29ddb3630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 3329 start_va = 0x2e29ea10000 end_va = 0x2e29ea11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 3330 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3331 start_va = 0x2e29ea10000 end_va = 0x2e29ec66fff monitored = 0 entry_point = 0x2e29ec1ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3332 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3333 start_va = 0x2e29ea10000 end_va = 0x2e29ec66fff monitored = 0 entry_point = 0x2e29ec1ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3334 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3335 start_va = 0x2e29ea10000 end_va = 0x2e29eb20fff monitored = 0 entry_point = 0x2e29eb01bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3336 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3337 start_va = 0x2e29ea10000 end_va = 0x2e29eb20fff monitored = 0 entry_point = 0x2e29eb01bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3338 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3339 start_va = 0x2e29ea10000 end_va = 0x2e29eb20fff monitored = 0 entry_point = 0x2e29eb01bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3340 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3341 start_va = 0x2e29ea10000 end_va = 0x2e29eb20fff monitored = 0 entry_point = 0x2e29eb01bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3342 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3343 start_va = 0x2e29ea10000 end_va = 0x2e29eb20fff monitored = 0 entry_point = 0x2e29eb01bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3344 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3345 start_va = 0x2e29ea10000 end_va = 0x2e29eb20fff monitored = 0 entry_point = 0x2e29eb01bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3346 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3347 start_va = 0x2e29ddc0000 end_va = 0x2e29ddcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3348 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3349 start_va = 0x2e29ddc0000 end_va = 0x2e29ddcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3350 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3351 start_va = 0x2e29ddc0000 end_va = 0x2e29ddcdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3352 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3353 start_va = 0x2e29ea10000 end_va = 0x2e29ee17fff monitored = 0 entry_point = 0x2e29eade3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3354 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3355 start_va = 0x2e29ea10000 end_va = 0x2e29ee17fff monitored = 0 entry_point = 0x2e29eade3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3356 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3357 start_va = 0x2e29ea10000 end_va = 0x2e29ee17fff monitored = 0 entry_point = 0x2e29eade3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3358 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 3359 start_va = 0x2e29ea10000 end_va = 0x2e29ee17fff monitored = 0 entry_point = 0x2e29eade3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 3360 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3361 start_va = 0x2e29ea10000 end_va = 0x2e29eabefff monitored = 0 entry_point = 0x2e29ea87000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3362 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3363 start_va = 0x2e29ea10000 end_va = 0x2e29eabefff monitored = 0 entry_point = 0x2e29ea87000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3364 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3365 start_va = 0x2e29ea10000 end_va = 0x2e29eabefff monitored = 0 entry_point = 0x2e29ea87000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3366 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3367 start_va = 0x2e29ea10000 end_va = 0x2e29eabefff monitored = 0 entry_point = 0x2e29ea87000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3368 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3369 start_va = 0x2e29ea10000 end_va = 0x2e29eabefff monitored = 0 entry_point = 0x2e29ea87000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3370 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3371 start_va = 0x2e29ea10000 end_va = 0x2e29eabefff monitored = 0 entry_point = 0x2e29ea87000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3372 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3373 start_va = 0x2e29ea10000 end_va = 0x2e29eae4fff monitored = 0 entry_point = 0x2e29ea3e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3374 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3375 start_va = 0x2e29ea10000 end_va = 0x2e29eae4fff monitored = 0 entry_point = 0x2e29ea3e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3376 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3377 start_va = 0x2e29ea10000 end_va = 0x2e29ea70fff monitored = 0 entry_point = 0x2e29ea20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3378 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3379 start_va = 0x2e29ea10000 end_va = 0x2e29ea70fff monitored = 0 entry_point = 0x2e29ea20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3380 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3381 start_va = 0x2e29ea10000 end_va = 0x2e29ea70fff monitored = 0 entry_point = 0x2e29ea20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3382 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3383 start_va = 0x2e29ea10000 end_va = 0x2e29ea70fff monitored = 0 entry_point = 0x2e29ea20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3384 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3385 start_va = 0x2e29ea10000 end_va = 0x2e29ea70fff monitored = 0 entry_point = 0x2e29ea20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3386 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3387 start_va = 0x2e29ea10000 end_va = 0x2e29ea70fff monitored = 0 entry_point = 0x2e29ea20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3388 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3389 start_va = 0x2e29ea10000 end_va = 0x2e29ea57fff monitored = 0 entry_point = 0x2e29ea4acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3390 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3391 start_va = 0x2e29ea10000 end_va = 0x2e29ea57fff monitored = 0 entry_point = 0x2e29ea4acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3392 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3393 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3394 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3395 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3396 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3397 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3398 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3399 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3400 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3401 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3402 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3403 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3404 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3405 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3406 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3407 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3408 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3409 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3410 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3411 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3412 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3413 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3414 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3415 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3416 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3417 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3418 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3419 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3420 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3421 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3422 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3423 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3424 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3425 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3426 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3427 start_va = 0x2e29ea10000 end_va = 0x2e29eb2ffff monitored = 0 entry_point = 0x2e29eb0c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3428 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3429 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3430 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3431 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3432 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3433 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3434 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3435 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3436 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3437 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3438 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3439 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3440 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3441 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3442 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3443 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3444 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3445 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3446 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3447 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3448 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3449 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3450 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3451 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3452 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3453 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3454 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3455 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3456 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3457 start_va = 0x2e29ea10000 end_va = 0x2e29ea20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3458 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3459 start_va = 0x2e29ea10000 end_va = 0x2e29ea81fff monitored = 0 entry_point = 0x2e29ea67000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3460 start_va = 0x2e29ddb0000 end_va = 0x2e29ddbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3461 start_va = 0x2e29ea10000 end_va = 0x2e29ea81fff monitored = 0 entry_point = 0x2e29ea67000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3462 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc8fff monitored = 0 entry_point = 0x2e29ddbb610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 3463 start_va = 0x2e29ea10000 end_va = 0x2e29ea15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 3464 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc8fff monitored = 0 entry_point = 0x2e29ddbb610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 3465 start_va = 0x2e29ea10000 end_va = 0x2e29ea15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 3466 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3467 start_va = 0x2e29ea10000 end_va = 0x2e29ebf8fff monitored = 0 entry_point = 0x2e29ea115f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3468 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3469 start_va = 0x2e29ea10000 end_va = 0x2e29ebf8fff monitored = 0 entry_point = 0x2e29ea115f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3470 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3471 start_va = 0x2e29ea10000 end_va = 0x2e29ea69fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3472 start_va = 0x2e29ddb0000 end_va = 0x2e29ddc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3473 start_va = 0x2e29ea10000 end_va = 0x2e29ea69fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3474 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 3475 start_va = 0x2e29ea10000 end_va = 0x2e29eaeffff monitored = 0 entry_point = 0x2e29eaa2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 3476 start_va = 0x2e29ddb0000 end_va = 0x2e29ddb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 3477 start_va = 0x2e29ea10000 end_va = 0x2e29eaeffff monitored = 0 entry_point = 0x2e29eaa2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 3478 start_va = 0x7ffa71790000 end_va = 0x7ffa7179dfff monitored = 0 entry_point = 0x7ffa71792b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Thread: id = 98 os_tid = 0x11e0 [0163.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x4aebf3e4, dwHighDateTime=0x1d9d730)) [0163.601] free (_Block=0x2e29e52df60) [0163.601] FreeLibrary (hLibModule=0x2e29dd80000) returned 1 [0163.603] free (_Block=0x2e29e5331b0) [0163.603] free (_Block=0x2e29e52c5c0) [0163.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x4aebf3e4, dwHighDateTime=0x1d9d730)) [0163.604] free (_Block=0x2e29e531ca0) [0163.604] FreeLibrary (hLibModule=0x2e29dda0000) returned 1 [0163.605] free (_Block=0x2e29e536270) [0163.606] free (_Block=0x2e29e5353c0) [0163.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x4aebf3e4, dwHighDateTime=0x1d9d730)) [0163.606] free (_Block=0x2e29e531d60) [0163.606] FreeLibrary (hLibModule=0x7ffa7a9a0000) returned 1 [0163.606] free (_Block=0x2e29e536890) [0163.606] free (_Block=0x2e29e535b40) [0163.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x4aebf3e4, dwHighDateTime=0x1d9d730)) [0163.607] free (_Block=0x2e29e531a80) [0163.607] FreeLibrary (hLibModule=0x7ffa78710000) returned 1 [0163.617] free (_Block=0x2e29e534e70) [0163.617] free (_Block=0x2e29e5358c0) [0163.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x4aee585e, dwHighDateTime=0x1d9d730)) [0163.618] free (_Block=0x2e29e5320e0) [0163.618] FreeLibrary (hLibModule=0x7ffa786c0000) returned 1 [0163.618] free (_Block=0x2e29e5367b0) [0163.618] free (_Block=0x2e29e535410) [0163.619] WaitForSingleObjectEx (hHandle=0x258, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0168.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x4e149ce0, dwHighDateTime=0x1d9d730)) [0168.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff18 | out: lpSystemTimeAsFileTime=0xe35bffff18*(dwLowDateTime=0x4e16d570, dwHighDateTime=0x1d9d730)) [0168.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff20 | out: lpSystemTimeAsFileTime=0xe35bffff20*(dwLowDateTime=0x4e16d570, dwHighDateTime=0x1d9d730)) [0168.911] WaitForSingleObjectEx (hHandle=0x258, dwMilliseconds=0x493d1, bAlertable=0) returned 0x0 [0178.386] WaitForSingleObjectEx (hHandle=0x258, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0 [0183.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x56bdd8fe, dwHighDateTime=0x1d9d730)) [0183.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff18 | out: lpSystemTimeAsFileTime=0xe35bffff18*(dwLowDateTime=0x56bdd8fe, dwHighDateTime=0x1d9d730)) [0183.438] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff20 | out: lpSystemTimeAsFileTime=0xe35bffff20*(dwLowDateTime=0x56bdd8fe, dwHighDateTime=0x1d9d730)) [0183.438] WaitForSingleObjectEx (hHandle=0x258, dwMilliseconds=0x271f, bAlertable=0) returned 0x102 [0193.458] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bffff10 | out: lpSystemTimeAsFileTime=0xe35bffff10*(dwLowDateTime=0x5cb83b14, dwHighDateTime=0x1d9d730)) [0193.458] free (_Block=0x2e29e5319e0) [0193.459] FreeLibrary (hLibModule=0x7ffa7be80000) returned 1 [0193.459] free (_Block=0x2e29e5370a0) [0193.473] free (_Block=0x2e29e52c5c0) [0193.473] WaitForSingleObjectEx (hHandle=0x258, dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 99 os_tid = 0x11dc [0159.684] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0163.498] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0163.594] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0163.594] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe35bf7dde0 | out: pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe35bf7dde0) returned 1 [0163.595] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x8) returned 0x2e29dc68310 [0163.595] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0163.595] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x2e29dc68310, pcchLanguagesBuffer=0xe35bf7dde0 | out: pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x2e29dc68310, pcchLanguagesBuffer=0xe35bf7dde0) returned 1 [0163.595] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x8) returned 0x2e29dc683c0 [0163.595] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dc68310) returned 1 [0163.595] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x14) returned 0x2e29dc86900 [0163.595] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2e29dc86900, pulNumLanguages=0xe35bf7dee8 | out: pulNumLanguages=0xe35bf7dee8) returned 1 [0163.595] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dc86900) returned 1 [0163.600] SetEvent (hEvent=0x258) returned 1 [0163.620] free (_Block=0x2e29e535690) [0163.620] GetCurrentThread () returned 0xfffffffffffffffe [0163.621] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x28, OpenAsSelf=1, TokenHandle=0xe35bf7d450 | out: TokenHandle=0xe35bf7d450*=0x280) returned 1 [0163.621] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xe35bf7d48c | out: lpLuid=0xe35bf7d48c*(LowPart=0x14, HighPart=0)) returned 1 [0163.623] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0163.623] AdjustTokenPrivileges (in: TokenHandle=0x280, DisableAllPrivileges=0, NewState=0xe35bf7d488*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0163.623] GetLastError () returned 0x0 [0163.623] CloseHandle (hObject=0x280) returned 1 [0163.623] malloc (_Size=0x8000) returned 0x2e29e55a1c0 [0163.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e55a1c0, Length=0x8000, ResultLength=0x0 | out: SystemInformation=0x2e29e55a1c0, ResultLength=0x0) returned 0xc0000004 [0163.625] free (_Block=0x2e29e55a1c0) [0163.626] malloc (_Size=0x10000) returned 0x2e29e55a1c0 [0163.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e55a1c0, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e29e55a1c0, ResultLength=0x0) returned 0xc0000004 [0163.629] free (_Block=0x2e29e55a1c0) [0163.685] malloc (_Size=0x18000) returned 0x2e29e55a1c0 [0163.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e55a1c0, Length=0x18000, ResultLength=0x0 | out: SystemInformation=0x2e29e55a1c0, ResultLength=0x0) returned 0xc0000004 [0163.690] free (_Block=0x2e29e55a1c0) [0163.690] malloc (_Size=0x20000) returned 0x2e29e537160 [0163.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e537160, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x2e29e537160, ResultLength=0x0) returned 0x0 [0163.695] _ui64tow_s (in: _Value=0x0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="0") returned 0x0 [0163.701] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="0") returned 1 [0163.703] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x7bea2958, dwBuildNumber=0x7ffa, dwPlatformId=0x6, szCSDVersion="\n") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0163.703] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0163.720] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0163.720] CloseHandle (hObject=0x0) returned 0 [0163.721] _ui64tow_s (in: _Value=0x4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4") returned 0x0 [0163.785] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4") returned 1 [0163.787] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0163.787] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0163.808] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0163.808] CloseHandle (hObject=0x0) returned 0 [0163.809] _ui64tow_s (in: _Value=0x134, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="308") returned 0x0 [0163.815] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="308") returned 3 [0163.879] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0163.879] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0163.904] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x134) returned 0x0 [0163.904] CloseHandle (hObject=0x0) returned 0 [0163.905] _ui64tow_s (in: _Value=0x180, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="384") returned 0x0 [0163.912] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="384") returned 3 [0163.913] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0163.913] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.046] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x180) returned 0x0 [0164.046] CloseHandle (hObject=0x0) returned 0 [0164.047] _ui64tow_s (in: _Value=0x1bc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="444") returned 0x0 [0164.053] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="444") returned 3 [0164.055] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.055] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.072] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1bc) returned 0x0 [0164.072] CloseHandle (hObject=0x0) returned 0 [0164.073] _ui64tow_s (in: _Value=0x1c4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="452") returned 0x0 [0164.078] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="452") returned 3 [0164.079] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.079] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.109] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1c4) returned 0x0 [0164.109] CloseHandle (hObject=0x0) returned 0 [0164.110] _ui64tow_s (in: _Value=0x1f8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="504") returned 0x0 [0164.115] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="504") returned 3 [0164.116] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.116] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.141] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1f8) returned 0x280 [0164.141] GetLastError () returned 0x0 [0164.141] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.141] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xff2cd3018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.142] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.142] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x12f29b416a0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.142] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x12f29b413b0, lpBuffer=0xe35bf7c370, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.143] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.145] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.145] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xff2cd3020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.145] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x12f29b40d90, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.145] malloc (_Size=0x1c) returned 0x2e29e55a0f0 [0164.145] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x12f29b413f2, lpBuffer=0x2e29e55a0f0, nSize=0x1a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e55a0f0*, lpNumberOfBytesRead=0x0) returned 1 [0164.145] free (_Block=0x2e29e55a0f0) [0164.146] CloseHandle (hObject=0x280) returned 1 [0164.147] _ui64tow_s (in: _Value=0x210, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="528") returned 0x0 [0164.152] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="528") returned 3 [0164.154] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.154] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.173] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x210) returned 0x0 [0164.173] CloseHandle (hObject=0x0) returned 0 [0164.173] _ui64tow_s (in: _Value=0x218, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="536") returned 0x0 [0164.179] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="536") returned 3 [0164.180] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.180] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.196] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x218) returned 0x280 [0164.197] GetLastError () returned 0x0 [0164.197] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.197] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x70fe507018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.197] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.197] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2210d6032b0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.197] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2210d602f08, lpBuffer=0xe35bf7c370, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.198] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.199] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.200] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x70fe507020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.200] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2210d6028f0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.200] malloc (_Size=0x3e) returned 0x2e29e52c5c0 [0164.200] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2210d602f44, lpBuffer=0x2e29e52c5c0, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52c5c0*, lpNumberOfBytesRead=0x0) returned 1 [0164.200] free (_Block=0x2e29e52c5c0) [0164.201] CloseHandle (hObject=0x280) returned 1 [0164.202] _ui64tow_s (in: _Value=0x270, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="624") returned 0x0 [0164.207] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="624") returned 3 [0164.208] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.208] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.237] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x270) returned 0x280 [0164.238] GetLastError () returned 0x0 [0164.238] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.238] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4bd4bbe018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.238] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.238] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x218a64033e0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.238] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x218a6403048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.239] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.241] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.241] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4bd4bbe020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.241] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x218a6402a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.241] malloc (_Size=0x5e) returned 0x2e29e530480 [0164.241] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x218a6403088, lpBuffer=0x2e29e530480, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0164.242] free (_Block=0x2e29e530480) [0164.242] CloseHandle (hObject=0x280) returned 1 [0164.244] _ui64tow_s (in: _Value=0x290, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="656") returned 0x0 [0164.250] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="656") returned 3 [0164.251] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.251] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.274] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x290) returned 0x280 [0164.274] GetLastError () returned 0x0 [0164.274] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.274] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xeb3c623018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.274] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.274] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22b56103450, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.274] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22b561030c8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.276] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.277] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.278] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xeb3c623020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.278] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22b56102ab0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.278] malloc (_Size=0x54) returned 0x2e29e5356c0 [0164.278] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22b56103108, lpBuffer=0x2e29e5356c0, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5356c0*, lpNumberOfBytesRead=0x0) returned 1 [0164.279] free (_Block=0x2e29e5356c0) [0164.280] CloseHandle (hObject=0x280) returned 1 [0164.281] _ui64tow_s (in: _Value=0x328, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="808") returned 0x0 [0164.286] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="808") returned 3 [0164.287] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.287] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.305] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x328) returned 0x280 [0164.305] GetLastError () returned 0x0 [0164.305] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.305] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x68a768d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.305] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.306] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20fc12119f0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.306] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20fc12116e8, lpBuffer=0xe35bf7c370, nSize=0x38, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.311] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.312] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.312] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x68a768d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.312] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20fc12110d0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.312] malloc (_Size=0x16) returned 0x2e29e531d80 [0164.312] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20fc1211720, lpBuffer=0x2e29e531d80, nSize=0x14, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e531d80*, lpNumberOfBytesRead=0x0) returned 1 [0164.313] free (_Block=0x2e29e531d80) [0164.313] CloseHandle (hObject=0x280) returned 1 [0164.314] _ui64tow_s (in: _Value=0x358, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="856") returned 0x0 [0164.320] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="856") returned 3 [0164.321] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.321] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.338] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x358) returned 0x280 [0164.338] GetLastError () returned 0x0 [0164.338] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.338] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xe58887a018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.338] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.339] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28611e033e0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.339] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28611e03048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.340] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.341] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.341] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xe58887a020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.341] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28611e02a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.342] malloc (_Size=0x58) returned 0x2e29e535ba0 [0164.342] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28611e03088, lpBuffer=0x2e29e535ba0, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e535ba0*, lpNumberOfBytesRead=0x0) returned 1 [0164.342] free (_Block=0x2e29e535ba0) [0164.343] CloseHandle (hObject=0x280) returned 1 [0164.344] _ui64tow_s (in: _Value=0x368, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="872") returned 0x0 [0164.349] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="872") returned 3 [0164.350] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.350] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.368] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x368) returned 0x280 [0164.368] GetLastError () returned 0x0 [0164.368] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.368] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xb23a8e3018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.368] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.369] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x25329703480, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.369] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x253297030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.370] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.371] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.371] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xb23a8e3020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.371] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x25329702ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.371] malloc (_Size=0x74) returned 0x2e29e5331b0 [0164.371] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x25329703118, lpBuffer=0x2e29e5331b0, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0164.372] free (_Block=0x2e29e5331b0) [0164.373] CloseHandle (hObject=0x280) returned 1 [0164.373] _ui64tow_s (in: _Value=0x38c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="908") returned 0x0 [0164.382] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="908") returned 3 [0164.384] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.384] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.404] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x38c) returned 0x280 [0164.404] GetLastError () returned 0x0 [0164.404] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.404] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x849e247018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.405] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.405] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a5e3103490, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.405] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a5e31030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.406] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.407] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.407] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x849e247020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.407] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a5e3102ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.407] malloc (_Size=0x84) returned 0x2e29e5331b0 [0164.408] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a5e3103118, lpBuffer=0x2e29e5331b0, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0164.408] free (_Block=0x2e29e5331b0) [0164.409] CloseHandle (hObject=0x280) returned 1 [0164.410] _ui64tow_s (in: _Value=0x39c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="924") returned 0x0 [0164.414] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="924") returned 3 [0164.416] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.416] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.435] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x39c) returned 0x280 [0164.435] GetLastError () returned 0x0 [0164.435] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.435] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xd3ae96018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.435] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.435] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e9d3f03490, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.435] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e9d3f030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.436] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.438] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xd3ae96020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e9d3f02ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.438] malloc (_Size=0x86) returned 0x2e29e5331b0 [0164.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e9d3f03118, lpBuffer=0x2e29e5331b0, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0164.439] free (_Block=0x2e29e5331b0) [0164.440] CloseHandle (hObject=0x280) returned 1 [0164.441] _ui64tow_s (in: _Value=0x3fc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1020") returned 0x0 [0164.445] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1020") returned 4 [0164.446] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.446] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.476] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3fc) returned 0x280 [0164.476] GetLastError () returned 0x0 [0164.476] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.476] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x71b3034018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.476] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.477] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26426003470, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.477] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x264260030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.478] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.479] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.479] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x71b3034020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.480] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26426002ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.480] malloc (_Size=0x62) returned 0x2e29e530480 [0164.480] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26426003118, lpBuffer=0x2e29e530480, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0164.481] free (_Block=0x2e29e530480) [0164.482] CloseHandle (hObject=0x280) returned 1 [0164.483] _ui64tow_s (in: _Value=0x1b8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="440") returned 0x0 [0164.489] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="440") returned 3 [0164.491] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.491] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.513] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b8) returned 0x280 [0164.513] GetLastError () returned 0x0 [0164.513] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.513] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xb4bbe3c018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.513] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.513] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f146e03400, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.514] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f146e03048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.514] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.516] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.516] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xb4bbe3c020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.516] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f146e02a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.516] malloc (_Size=0x82) returned 0x2e29e5331b0 [0164.516] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f146e03088, lpBuffer=0x2e29e5331b0, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0164.517] free (_Block=0x2e29e5331b0) [0164.518] CloseHandle (hObject=0x280) returned 1 [0164.518] _ui64tow_s (in: _Value=0x460, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1120") returned 0x0 [0164.523] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1120") returned 4 [0164.524] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.524] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.540] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x460) returned 0x280 [0164.540] GetLastError () returned 0x0 [0164.540] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.540] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x448f0b2018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.540] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.540] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e0ed903460, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.540] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e0ed9030c8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.541] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.542] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.542] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x448f0b2020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.542] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e0ed902ab0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.543] malloc (_Size=0x66) returned 0x2e29e52ff40 [0164.543] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e0ed903108, lpBuffer=0x2e29e52ff40, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0164.543] free (_Block=0x2e29e52ff40) [0164.544] CloseHandle (hObject=0x280) returned 1 [0164.545] _ui64tow_s (in: _Value=0x4d8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1240") returned 0x0 [0164.549] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1240") returned 4 [0164.556] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.556] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.574] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d8) returned 0x280 [0164.574] GetLastError () returned 0x0 [0164.575] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.575] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3ff018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.575] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.575] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e1b70, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.575] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e1818, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.576] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.577] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.577] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3ff020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.577] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e1200, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.578] malloc (_Size=0x42) returned 0x2e29e52ca20 [0164.578] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e1858, lpBuffer=0x2e29e52ca20, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.578] free (_Block=0x2e29e52ca20) [0164.579] CloseHandle (hObject=0x280) returned 1 [0164.579] _ui64tow_s (in: _Value=0x580, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1408") returned 0x0 [0164.585] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1408") returned 4 [0164.586] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.586] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.606] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x580) returned 0x280 [0164.606] GetLastError () returned 0x0 [0164.606] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.607] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xada0213018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.607] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.607] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1eb702a1bf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.607] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1eb702a18c8, lpBuffer=0xe35bf7c370, nSize=0x3e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.608] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.609] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.609] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xada0213020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.609] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1eb702a12b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.609] malloc (_Size=0x18) returned 0x2e29e531f60 [0164.609] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1eb702a1906, lpBuffer=0x2e29e531f60, nSize=0x16, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e531f60*, lpNumberOfBytesRead=0x0) returned 1 [0164.610] free (_Block=0x2e29e531f60) [0164.610] CloseHandle (hObject=0x280) returned 1 [0164.611] _ui64tow_s (in: _Value=0x634, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1588") returned 0x0 [0164.616] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1588") returned 4 [0164.617] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.617] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.636] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x634) returned 0x280 [0164.636] GetLastError () returned 0x0 [0164.636] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.636] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x10d4688018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.636] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.637] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x15c5b9034a0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.637] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x15c5b9030e8, lpBuffer=0xe35bf7c370, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.638] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.639] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.639] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x10d4688020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.639] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x15c5b902ad0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.640] malloc (_Size=0x64) returned 0x2e29e52ff40 [0164.640] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x15c5b903134, lpBuffer=0x2e29e52ff40, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0164.641] free (_Block=0x2e29e52ff40) [0164.641] CloseHandle (hObject=0x280) returned 1 [0164.642] _ui64tow_s (in: _Value=0x698, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1688") returned 0x0 [0164.649] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1688") returned 4 [0164.650] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.650] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.670] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x698) returned 0x280 [0164.670] GetLastError () returned 0x0 [0164.670] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.670] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x39e61be018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.670] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.670] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a332e033e0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.670] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a332e03048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.671] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.672] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.672] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x39e61be020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.673] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a332e02a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.673] malloc (_Size=0x5a) returned 0x2e29e5302c0 [0164.673] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1a332e03088, lpBuffer=0x2e29e5302c0, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0164.673] free (_Block=0x2e29e5302c0) [0164.674] CloseHandle (hObject=0x280) returned 1 [0164.675] _ui64tow_s (in: _Value=0x7e8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2024") returned 0x0 [0164.684] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2024") returned 4 [0164.686] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.686] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.721] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7e8) returned 0x280 [0164.721] GetLastError () returned 0x0 [0164.721] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.721] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x39a018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.721] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.722] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a1c50, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.722] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a18e8, lpBuffer=0xe35bf7c370, nSize=0x30, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.749] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.751] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.751] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x39a020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.751] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a12d0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.751] malloc (_Size=0x32) returned 0x2e29e530eb0 [0164.751] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a1918, lpBuffer=0x2e29e530eb0, nSize=0x30, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530eb0*, lpNumberOfBytesRead=0x0) returned 1 [0164.752] free (_Block=0x2e29e530eb0) [0164.753] CloseHandle (hObject=0x280) returned 1 [0164.760] _ui64tow_s (in: _Value=0x2e0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="736") returned 0x0 [0164.767] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="736") returned 3 [0164.768] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.768] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.795] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2e0) returned 0x280 [0164.795] GetLastError () returned 0x0 [0164.795] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.795] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xa6def54018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.796] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.796] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x23ea7c31c70, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.796] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x23ea7c318c8, lpBuffer=0xe35bf7c370, nSize=0x44, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.798] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.811] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.811] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xa6def54020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.812] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x23ea7c312b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.812] malloc (_Size=0x6c) returned 0x2e29e5331b0 [0164.812] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x23ea7c3190c, lpBuffer=0x2e29e5331b0, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0164.813] free (_Block=0x2e29e5331b0) [0164.814] CloseHandle (hObject=0x280) returned 1 [0164.815] _ui64tow_s (in: _Value=0x8d4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2260") returned 0x0 [0164.843] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2260") returned 4 [0164.844] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.844] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.862] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d4) returned 0x280 [0164.862] GetLastError () returned 0x0 [0164.863] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.863] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1163c21018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.869] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.871] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c798303780, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.873] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c7983032e8, lpBuffer=0xe35bf7c370, nSize=0xa0, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.876] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.877] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.877] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1163c21020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.883] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c798302c60, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.887] malloc (_Size=0x118) returned 0x2e29e536d60 [0164.887] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c798303388, lpBuffer=0x2e29e536d60, nSize=0x116, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e536d60*, lpNumberOfBytesRead=0x0) returned 1 [0164.891] free (_Block=0x2e29e536d60) [0164.892] CloseHandle (hObject=0x280) returned 1 [0164.892] _ui64tow_s (in: _Value=0x934, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2356") returned 0x0 [0164.897] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2356") returned 4 [0164.898] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.899] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.915] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x934) returned 0x280 [0164.915] GetLastError () returned 0x0 [0164.916] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.916] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xc29bf78018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.932] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.941] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28460e03730, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.947] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28460e032b4, lpBuffer=0xe35bf7c370, nSize=0x96, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0164.951] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0164.954] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0164.954] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xc29bf78020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0164.958] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28460e02c20, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0164.966] malloc (_Size=0x11a) returned 0x2e29e534e70 [0164.966] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x28460e0334a, lpBuffer=0x2e29e534e70, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0164.968] free (_Block=0x2e29e534e70) [0164.969] CloseHandle (hObject=0x280) returned 1 [0164.970] _ui64tow_s (in: _Value=0x8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="8") returned 0x0 [0164.977] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="8") returned 1 [0164.979] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.979] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0164.998] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8) returned 0x280 [0164.999] GetLastError () returned 0x0 [0164.999] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0164.999] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x227ce00018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0164.999] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0164.999] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1db5b303490, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0164.999] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1db5b3030e8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.000] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.001] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.002] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x227ce00020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.002] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1db5b302ad0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.002] malloc (_Size=0x6a) returned 0x2e29e5331b0 [0165.002] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1db5b303128, lpBuffer=0x2e29e5331b0, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0165.003] free (_Block=0x2e29e5331b0) [0165.004] CloseHandle (hObject=0x280) returned 1 [0165.005] _ui64tow_s (in: _Value=0xae4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2788") returned 0x0 [0165.011] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2788") returned 4 [0165.012] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.012] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.030] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xae4) returned 0x280 [0165.030] GetLastError () returned 0x0 [0165.031] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.031] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2db7e47018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.031] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.031] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x17ffee61bd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.031] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x17ffee61818, lpBuffer=0xe35bf7c370, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.032] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.033] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.033] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2db7e47020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.033] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x17ffee61200, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.034] malloc (_Size=0x64) returned 0x2e29e5302c0 [0165.034] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x17ffee61864, lpBuffer=0x2e29e5302c0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0165.035] free (_Block=0x2e29e5302c0) [0165.036] CloseHandle (hObject=0x280) returned 1 [0165.036] _ui64tow_s (in: _Value=0xb40, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2880") returned 0x0 [0165.041] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2880") returned 4 [0165.042] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.042] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.057] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb40) returned 0x280 [0165.057] GetLastError () returned 0x0 [0165.057] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.057] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x100358018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.058] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.058] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1822c721c80, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.058] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1822c7218c8, lpBuffer=0xe35bf7c370, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.059] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.060] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.060] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x100358020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.060] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1822c7212b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.060] malloc (_Size=0x72) returned 0x2e29e5331b0 [0165.060] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1822c721922, lpBuffer=0x2e29e5331b0, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0165.061] free (_Block=0x2e29e5331b0) [0165.062] CloseHandle (hObject=0x280) returned 1 [0165.154] _ui64tow_s (in: _Value=0x4a8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1192") returned 0x0 [0165.159] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1192") returned 4 [0165.161] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x7b95ec4f, dwBuildNumber=0x7ffa, dwPlatformId=0x5bf7c920, szCSDVersion="ã") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.161] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.240] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a8) returned 0x280 [0165.241] GetLastError () returned 0x0 [0165.241] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.241] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x251d53018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.348] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.380] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x170b8103510, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.383] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x170b810312a, lpBuffer=0xe35bf7c370, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.385] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.390] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.390] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x251d53020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.396] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x170b8102ad0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.397] malloc (_Size=0xd6) returned 0x2e29e534e70 [0165.398] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x170b8103192, lpBuffer=0x2e29e534e70, nSize=0xd4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.403] free (_Block=0x2e29e534e70) [0165.404] CloseHandle (hObject=0x280) returned 1 [0165.404] _ui64tow_s (in: _Value=0x5e0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1504") returned 0x0 [0165.409] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1504") returned 4 [0165.410] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.410] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.429] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x0 [0165.429] CloseHandle (hObject=0x0) returned 0 [0165.430] _ui64tow_s (in: _Value=0xbf4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3060") returned 0x0 [0165.434] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3060") returned 4 [0165.436] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.436] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.457] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbf4) returned 0x280 [0165.457] GetLastError () returned 0x0 [0165.457] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.457] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xe8629e5018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.457] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.458] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x21503af1d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.458] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x21503af1948, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.459] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.460] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.460] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xe8629e5020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.460] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x21503af1330, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.460] malloc (_Size=0x7e) returned 0x2e29e534e70 [0165.460] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x21503af19a8, lpBuffer=0x2e29e534e70, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.461] free (_Block=0x2e29e534e70) [0165.462] CloseHandle (hObject=0x280) returned 1 [0165.463] _ui64tow_s (in: _Value=0xd40, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3392") returned 0x0 [0165.467] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3392") returned 4 [0165.469] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.469] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd40) returned 0x280 [0165.487] GetLastError () returned 0x0 [0165.487] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.488] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x301018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.490] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.490] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x601cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.490] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6018f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.491] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.492] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.493] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x301020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.493] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.493] malloc (_Size=0x68) returned 0x2e29e530090 [0165.493] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x601958, lpBuffer=0x2e29e530090, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530090*, lpNumberOfBytesRead=0x0) returned 1 [0165.494] free (_Block=0x2e29e530090) [0165.494] CloseHandle (hObject=0x280) returned 1 [0165.495] _ui64tow_s (in: _Value=0xd48, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3400") returned 0x0 [0165.499] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3400") returned 4 [0165.501] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.501] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.518] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd48) returned 0x280 [0165.518] GetLastError () returned 0x0 [0165.518] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.518] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x230018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.518] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.518] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x781d40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.518] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7818f8, lpBuffer=0xe35bf7c370, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.520] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.521] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.521] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x230020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.521] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.521] malloc (_Size=0x8c) returned 0x2e29e534e70 [0165.521] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x78197c, lpBuffer=0x2e29e534e70, nSize=0x8a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.522] free (_Block=0x2e29e534e70) [0165.523] CloseHandle (hObject=0x280) returned 1 [0165.524] _ui64tow_s (in: _Value=0xd54, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3412") returned 0x0 [0165.529] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3412") returned 4 [0165.530] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.530] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.554] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd54) returned 0x280 [0165.554] GetLastError () returned 0x0 [0165.555] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x30b018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b18f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.556] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.558] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.558] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x30b020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.558] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.558] malloc (_Size=0x66) returned 0x2e29e5302c0 [0165.558] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b1956, lpBuffer=0x2e29e5302c0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0165.559] free (_Block=0x2e29e5302c0) [0165.560] CloseHandle (hObject=0x280) returned 1 [0165.560] _ui64tow_s (in: _Value=0xd64, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3428") returned 0x0 [0165.567] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3428") returned 4 [0165.568] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.568] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.589] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd64) returned 0x280 [0165.589] GetLastError () returned 0x0 [0165.589] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.589] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x23f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.589] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.589] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x591d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.590] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5918f8, lpBuffer=0xe35bf7c370, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.591] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.592] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.592] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x23f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.592] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.592] malloc (_Size=0x80) returned 0x2e29e534e70 [0165.593] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x591970, lpBuffer=0x2e29e534e70, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.593] free (_Block=0x2e29e534e70) [0165.594] CloseHandle (hObject=0x280) returned 1 [0165.595] _ui64tow_s (in: _Value=0xd74, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3444") returned 0x0 [0165.600] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3444") returned 4 [0165.602] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.602] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.624] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd74) returned 0x280 [0165.624] GetLastError () returned 0x0 [0165.624] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.624] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x562018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.624] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.625] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x291d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.625] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2918f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.626] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.627] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.628] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x562020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.628] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.628] malloc (_Size=0x86) returned 0x2e29e534e70 [0165.628] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x291976, lpBuffer=0x2e29e534e70, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.629] free (_Block=0x2e29e534e70) [0165.631] CloseHandle (hObject=0x280) returned 1 [0165.632] _ui64tow_s (in: _Value=0xd80, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3456") returned 0x0 [0165.637] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3456") returned 4 [0165.638] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.638] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.657] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd80) returned 0x280 [0165.657] GetLastError () returned 0x0 [0165.657] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.657] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x437018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.658] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.658] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x251ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.658] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2518f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.659] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.661] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.661] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x437020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.661] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.661] malloc (_Size=0x6c) returned 0x2e29e534e70 [0165.661] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x25195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.662] free (_Block=0x2e29e534e70) [0165.663] CloseHandle (hObject=0x280) returned 1 [0165.663] _ui64tow_s (in: _Value=0xd8c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3468") returned 0x0 [0165.669] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3468") returned 4 [0165.670] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.670] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.692] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd8c) returned 0x280 [0165.692] GetLastError () returned 0x0 [0165.692] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.692] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x329018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.692] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.692] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4b1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.693] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4b18f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.694] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.695] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.695] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x329020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.695] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4b12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.695] malloc (_Size=0x68) returned 0x2e29e52ff40 [0165.695] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4b1958, lpBuffer=0x2e29e52ff40, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0165.696] free (_Block=0x2e29e52ff40) [0165.697] CloseHandle (hObject=0x280) returned 1 [0165.697] _ui64tow_s (in: _Value=0xd94, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3476") returned 0x0 [0165.703] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3476") returned 4 [0165.705] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.705] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.728] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd94) returned 0x280 [0165.729] GetLastError () returned 0x0 [0165.729] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.729] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x24c018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.729] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.729] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451d40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.729] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.731] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.732] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.732] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x24c020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.733] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.733] malloc (_Size=0x90) returned 0x2e29e534e70 [0165.733] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451980, lpBuffer=0x2e29e534e70, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.733] free (_Block=0x2e29e534e70) [0165.734] CloseHandle (hObject=0x280) returned 1 [0165.735] _ui64tow_s (in: _Value=0xd9c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3484") returned 0x0 [0165.742] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3484") returned 4 [0165.743] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.743] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.763] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd9c) returned 0x280 [0165.763] GetLastError () returned 0x0 [0165.763] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.763] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x206018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.763] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.763] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x571cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.763] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5718f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.764] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.766] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.766] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x206020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.766] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.766] malloc (_Size=0x66) returned 0x2e29e530480 [0165.766] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x571956, lpBuffer=0x2e29e530480, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0165.767] free (_Block=0x2e29e530480) [0165.769] CloseHandle (hObject=0x280) returned 1 [0165.773] _ui64tow_s (in: _Value=0xdac, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3500") returned 0x0 [0165.784] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3500") returned 4 [0165.787] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.787] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.810] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdac) returned 0x280 [0165.810] GetLastError () returned 0x0 [0165.810] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.810] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.810] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.810] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x661cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.811] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6618f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.812] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.813] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.813] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.813] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6612e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.814] malloc (_Size=0x64) returned 0x2e29e530480 [0165.814] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x661954, lpBuffer=0x2e29e530480, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0165.814] free (_Block=0x2e29e530480) [0165.815] CloseHandle (hObject=0x280) returned 1 [0165.843] _ui64tow_s (in: _Value=0xdb8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3512") returned 0x0 [0165.850] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3512") returned 4 [0165.851] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.851] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.871] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdb8) returned 0x280 [0165.871] GetLastError () returned 0x0 [0165.871] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.871] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x396018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.871] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.872] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c1ca0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.872] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c18f8, lpBuffer=0xe35bf7c370, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.873] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.874] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.874] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x396020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.875] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.875] malloc (_Size=0x5a) returned 0x2e29e5302c0 [0165.875] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c194a, lpBuffer=0x2e29e5302c0, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0165.875] free (_Block=0x2e29e5302c0) [0165.876] CloseHandle (hObject=0x280) returned 1 [0165.877] _ui64tow_s (in: _Value=0xdc8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3528") returned 0x0 [0165.883] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3528") returned 4 [0165.885] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.885] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.904] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc8) returned 0x280 [0165.904] GetLastError () returned 0x0 [0165.904] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.904] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3b7018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.904] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.904] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.904] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d18f8, lpBuffer=0xe35bf7c370, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.905] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.907] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.907] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3b7020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.907] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.907] malloc (_Size=0x6e) returned 0x2e29e534e70 [0165.907] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d195e, lpBuffer=0x2e29e534e70, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.908] free (_Block=0x2e29e534e70) [0165.908] CloseHandle (hObject=0x280) returned 1 [0165.909] _ui64tow_s (in: _Value=0xdd0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3536") returned 0x0 [0165.914] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3536") returned 4 [0165.915] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.915] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.936] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdd0) returned 0x280 [0165.936] GetLastError () returned 0x0 [0165.936] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.936] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x221018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.936] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.937] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x481cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.937] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4818f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.938] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.940] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.940] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x221020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.940] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.940] malloc (_Size=0x68) returned 0x2e29e52ff40 [0165.940] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x481958, lpBuffer=0x2e29e52ff40, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0165.941] free (_Block=0x2e29e52ff40) [0165.943] CloseHandle (hObject=0x280) returned 1 [0165.944] _ui64tow_s (in: _Value=0xddc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3548") returned 0x0 [0165.949] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3548") returned 4 [0165.951] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.951] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0165.970] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xddc) returned 0x280 [0165.970] GetLastError () returned 0x0 [0165.970] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0165.971] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3f8018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0165.971] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0165.971] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0165.971] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x7a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0165.974] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0165.976] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0165.976] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3f8020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0165.976] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0165.976] malloc (_Size=0x82) returned 0x2e29e534e70 [0165.976] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1972, lpBuffer=0x2e29e534e70, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0165.977] free (_Block=0x2e29e534e70) [0165.978] CloseHandle (hObject=0x280) returned 1 [0165.978] _ui64tow_s (in: _Value=0xdec, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3564") returned 0x0 [0165.983] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3564") returned 4 [0165.984] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0165.984] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.001] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdec) returned 0x280 [0166.001] GetLastError () returned 0x0 [0166.001] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.001] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x302018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.002] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.002] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x691d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.002] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6918f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.003] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.005] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.005] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x302020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.005] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.005] malloc (_Size=0x86) returned 0x2e29e534e70 [0166.005] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x691976, lpBuffer=0x2e29e534e70, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.006] free (_Block=0x2e29e534e70) [0166.007] CloseHandle (hObject=0x280) returned 1 [0166.008] _ui64tow_s (in: _Value=0xdf8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3576") returned 0x0 [0166.013] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3576") returned 4 [0166.015] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.015] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.036] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdf8) returned 0x280 [0166.036] GetLastError () returned 0x0 [0166.036] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.037] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3c4018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.037] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.037] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.037] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a18f8, lpBuffer=0xe35bf7c370, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.038] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.040] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.040] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3c4020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.040] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.040] malloc (_Size=0x84) returned 0x2e29e534e70 [0166.040] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a1974, lpBuffer=0x2e29e534e70, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.041] free (_Block=0x2e29e534e70) [0166.041] CloseHandle (hObject=0x280) returned 1 [0166.042] _ui64tow_s (in: _Value=0xe04, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3588") returned 0x0 [0166.046] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3588") returned 4 [0166.047] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.047] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.063] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe04) returned 0x280 [0166.063] GetLastError () returned 0x0 [0166.063] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.063] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2fa018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.063] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.063] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.063] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.065] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.069] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.069] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2fa020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.069] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.069] malloc (_Size=0x76) returned 0x2e29e534e70 [0166.069] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.070] free (_Block=0x2e29e534e70) [0166.071] CloseHandle (hObject=0x280) returned 1 [0166.071] _ui64tow_s (in: _Value=0xe18, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3608") returned 0x0 [0166.076] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3608") returned 4 [0166.077] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.077] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.096] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe18) returned 0x280 [0166.096] GetLastError () returned 0x0 [0166.096] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.096] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2ce018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.096] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.096] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.096] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.098] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.099] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.099] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2ce020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.100] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.100] malloc (_Size=0x6c) returned 0x2e29e534e70 [0166.100] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5b195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.100] free (_Block=0x2e29e534e70) [0166.101] CloseHandle (hObject=0x280) returned 1 [0166.102] _ui64tow_s (in: _Value=0xe20, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3616") returned 0x0 [0166.108] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3616") returned 4 [0166.109] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.109] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.131] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe20) returned 0x280 [0166.132] GetLastError () returned 0x0 [0166.132] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.132] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x313018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.132] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.132] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.132] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.133] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.135] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.135] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x313020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.135] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.135] malloc (_Size=0x7a) returned 0x2e29e534e70 [0166.135] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x45196a, lpBuffer=0x2e29e534e70, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.136] free (_Block=0x2e29e534e70) [0166.137] CloseHandle (hObject=0x280) returned 1 [0166.141] _ui64tow_s (in: _Value=0xe2c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3628") returned 0x0 [0166.145] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3628") returned 4 [0166.146] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.146] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.164] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe2c) returned 0x280 [0166.164] GetLastError () returned 0x0 [0166.164] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.164] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x348018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.164] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.164] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e1cb0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.165] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e18f8, lpBuffer=0xe35bf7c370, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.166] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.167] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.167] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x348020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.167] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.167] malloc (_Size=0x60) returned 0x2e29e52ff40 [0166.167] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e1950, lpBuffer=0x2e29e52ff40, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0166.168] free (_Block=0x2e29e52ff40) [0166.169] CloseHandle (hObject=0x280) returned 1 [0166.169] _ui64tow_s (in: _Value=0xe3c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3644") returned 0x0 [0166.174] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3644") returned 4 [0166.175] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.175] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.194] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe3c) returned 0x280 [0166.194] GetLastError () returned 0x0 [0166.194] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.194] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e4018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.195] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.195] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.195] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.196] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.197] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.197] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e4020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.198] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.198] malloc (_Size=0x6c) returned 0x2e29e534e70 [0166.198] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.198] free (_Block=0x2e29e534e70) [0166.199] CloseHandle (hObject=0x280) returned 1 [0166.200] _ui64tow_s (in: _Value=0xe48, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3656") returned 0x0 [0166.205] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3656") returned 4 [0166.206] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.206] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.234] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe48) returned 0x280 [0166.234] GetLastError () returned 0x0 [0166.234] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.234] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3cb018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.234] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.235] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.235] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.236] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.237] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.237] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3cb020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.237] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.238] malloc (_Size=0x6c) returned 0x2e29e534e70 [0166.238] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.239] free (_Block=0x2e29e534e70) [0166.239] CloseHandle (hObject=0x280) returned 1 [0166.240] _ui64tow_s (in: _Value=0xe50, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3664") returned 0x0 [0166.245] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3664") returned 4 [0166.246] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.247] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.278] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe50) returned 0x280 [0166.278] GetLastError () returned 0x0 [0166.278] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.278] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.278] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.278] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.279] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.280] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.282] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.282] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.282] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.282] malloc (_Size=0x78) returned 0x2e29e534e70 [0166.282] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1968, lpBuffer=0x2e29e534e70, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.283] free (_Block=0x2e29e534e70) [0166.284] CloseHandle (hObject=0x280) returned 1 [0166.285] _ui64tow_s (in: _Value=0xe60, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3680") returned 0x0 [0166.293] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3680") returned 4 [0166.295] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.295] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.319] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe60) returned 0x280 [0166.319] GetLastError () returned 0x0 [0166.319] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.319] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.320] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.320] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x581c60, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.320] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5818f8, lpBuffer=0xe35bf7c370, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.321] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.322] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.323] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.323] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.323] malloc (_Size=0x44) returned 0x2e29e52ca70 [0166.323] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x581934, lpBuffer=0x2e29e52ca70, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ca70*, lpNumberOfBytesRead=0x0) returned 1 [0166.323] free (_Block=0x2e29e52ca70) [0166.324] CloseHandle (hObject=0x280) returned 1 [0166.325] _ui64tow_s (in: _Value=0xe70, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3696") returned 0x0 [0166.331] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3696") returned 4 [0166.333] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.333] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.360] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe70) returned 0x280 [0166.360] GetLastError () returned 0x0 [0166.360] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.360] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3ad018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.361] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.361] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451cb0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.361] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x54, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.362] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.364] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.364] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3ad020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.364] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.365] malloc (_Size=0x5c) returned 0x2e29e530480 [0166.365] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x45194c, lpBuffer=0x2e29e530480, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0166.366] free (_Block=0x2e29e530480) [0166.366] CloseHandle (hObject=0x280) returned 1 [0166.367] _ui64tow_s (in: _Value=0xe7c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3708") returned 0x0 [0166.381] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3708") returned 4 [0166.385] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.385] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.434] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe7c) returned 0x280 [0166.434] GetLastError () returned 0x0 [0166.434] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.434] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3cb018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.434] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.435] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6e1cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.435] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6e18f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.436] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.438] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3cb020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.438] malloc (_Size=0x64) returned 0x2e29e530330 [0166.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6e1954, lpBuffer=0x2e29e530330, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0166.439] free (_Block=0x2e29e530330) [0166.440] CloseHandle (hObject=0x280) returned 1 [0166.443] _ui64tow_s (in: _Value=0xe88, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3720") returned 0x0 [0166.448] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3720") returned 4 [0166.450] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.450] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.468] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe88) returned 0x280 [0166.468] GetLastError () returned 0x0 [0166.469] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3a2018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f18f8, lpBuffer=0xe35bf7c370, nSize=0x7a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.470] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.472] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.472] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3a2020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.472] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.472] malloc (_Size=0x82) returned 0x2e29e534e70 [0166.472] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f1972, lpBuffer=0x2e29e534e70, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.473] free (_Block=0x2e29e534e70) [0166.474] CloseHandle (hObject=0x280) returned 1 [0166.529] _ui64tow_s (in: _Value=0xe94, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3732") returned 0x0 [0166.536] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3732") returned 4 [0166.537] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.538] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.563] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe94) returned 0x280 [0166.563] GetLastError () returned 0x0 [0166.564] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.564] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x30d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.564] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.564] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a1d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.564] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a18f8, lpBuffer=0xe35bf7c370, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.598] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.600] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.600] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x30d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.600] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.600] malloc (_Size=0x7e) returned 0x2e29e534e70 [0166.600] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4a196e, lpBuffer=0x2e29e534e70, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.601] free (_Block=0x2e29e534e70) [0166.602] CloseHandle (hObject=0x280) returned 1 [0166.602] _ui64tow_s (in: _Value=0xea0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3744") returned 0x0 [0166.608] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3744") returned 4 [0166.610] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.610] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.630] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xea0) returned 0x280 [0166.630] GetLastError () returned 0x0 [0166.630] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.630] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x284018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.630] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.630] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a1cb0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.631] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a18f8, lpBuffer=0xe35bf7c370, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.632] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.633] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.633] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x284020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.633] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.634] malloc (_Size=0x5e) returned 0x2e29e5302c0 [0166.634] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a194e, lpBuffer=0x2e29e5302c0, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0166.634] free (_Block=0x2e29e5302c0) [0166.635] CloseHandle (hObject=0x280) returned 1 [0166.636] _ui64tow_s (in: _Value=0xeb0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3760") returned 0x0 [0166.642] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3760") returned 4 [0166.643] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.643] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.712] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeb0) returned 0x280 [0166.712] GetLastError () returned 0x0 [0166.712] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.713] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x56e018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.713] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.713] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x741cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.713] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7418f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.715] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.717] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.717] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x56e020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.717] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7412e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.717] malloc (_Size=0x66) returned 0x2e29e530330 [0166.717] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x741956, lpBuffer=0x2e29e530330, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0166.718] free (_Block=0x2e29e530330) [0166.719] CloseHandle (hObject=0x280) returned 1 [0166.720] _ui64tow_s (in: _Value=0xebc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3772") returned 0x0 [0166.766] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3772") returned 4 [0166.768] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.768] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.793] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xebc) returned 0x280 [0166.794] GetLastError () returned 0x0 [0166.794] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.794] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x244018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.794] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.794] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e1cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.794] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e18f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.796] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.797] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.797] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x244020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.798] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.798] malloc (_Size=0x74) returned 0x2e29e534e70 [0166.798] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5e1964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0166.799] free (_Block=0x2e29e534e70) [0166.799] CloseHandle (hObject=0x280) returned 1 [0166.853] _ui64tow_s (in: _Value=0xec8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3784") returned 0x0 [0166.861] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3784") returned 4 [0166.864] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.864] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.891] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec8) returned 0x280 [0166.891] GetLastError () returned 0x0 [0166.891] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.891] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x255018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.891] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.892] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.892] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5018f8, lpBuffer=0xe35bf7c370, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.893] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.928] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.928] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x255020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.928] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.928] malloc (_Size=0x62) returned 0x2e29e530480 [0166.928] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501952, lpBuffer=0x2e29e530480, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0166.929] free (_Block=0x2e29e530480) [0166.930] CloseHandle (hObject=0x280) returned 1 [0166.931] _ui64tow_s (in: _Value=0xed8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3800") returned 0x0 [0166.938] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3800") returned 4 [0166.940] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0166.940] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0166.961] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xed8) returned 0x280 [0166.961] GetLastError () returned 0x0 [0166.961] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0166.962] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2d6018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0166.962] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0166.962] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c1ca0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0166.962] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c18f8, lpBuffer=0xe35bf7c370, nSize=0x50, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0166.964] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0166.966] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0166.966] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2d6020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0166.966] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0166.966] malloc (_Size=0x58) returned 0x2e29e536260 [0166.966] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c1948, lpBuffer=0x2e29e536260, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e536260*, lpNumberOfBytesRead=0x0) returned 1 [0166.967] free (_Block=0x2e29e536260) [0166.968] CloseHandle (hObject=0x280) returned 1 [0166.969] _ui64tow_s (in: _Value=0xee0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3808") returned 0x0 [0167.007] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3808") returned 4 [0167.009] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.010] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.034] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xee0) returned 0x280 [0167.034] GetLastError () returned 0x0 [0167.034] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.034] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x290018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.066] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.066] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d1cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.067] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d18f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.069] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.070] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.070] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x290020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.071] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.071] malloc (_Size=0x74) returned 0x2e29e534e70 [0167.071] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d1964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.072] free (_Block=0x2e29e534e70) [0167.072] CloseHandle (hObject=0x280) returned 1 [0167.073] _ui64tow_s (in: _Value=0xeec, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3820") returned 0x0 [0167.079] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3820") returned 4 [0167.080] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.080] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.106] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x280 [0167.106] GetLastError () returned 0x0 [0167.106] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.106] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x39e018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.106] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.107] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.107] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501958, lpBuffer=0xe35bf7c370, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.108] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.110] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.110] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x39e020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.110] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501340, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.110] malloc (_Size=0x62) returned 0x2e29e5302c0 [0167.110] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5019b2, lpBuffer=0x2e29e5302c0, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0167.111] free (_Block=0x2e29e5302c0) [0167.112] CloseHandle (hObject=0x280) returned 1 [0167.112] _ui64tow_s (in: _Value=0xef4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3828") returned 0x0 [0167.161] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3828") returned 4 [0167.162] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.162] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.181] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xef4) returned 0x280 [0167.182] GetLastError () returned 0x0 [0167.182] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.182] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x34d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.182] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.182] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.182] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.184] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.185] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.185] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x34d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.185] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.185] malloc (_Size=0x6c) returned 0x2e29e534e70 [0167.185] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5c195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.186] free (_Block=0x2e29e534e70) [0167.187] CloseHandle (hObject=0x280) returned 1 [0167.188] _ui64tow_s (in: _Value=0xf04, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3844") returned 0x0 [0167.234] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3844") returned 4 [0167.236] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.236] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.255] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf04) returned 0x280 [0167.255] GetLastError () returned 0x0 [0167.256] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.256] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x41f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.256] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.256] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7e1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.256] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7e18f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.257] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.259] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.259] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x41f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.259] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.259] malloc (_Size=0x76) returned 0x2e29e534e70 [0167.259] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7e1966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.261] free (_Block=0x2e29e534e70) [0167.262] CloseHandle (hObject=0x280) returned 1 [0167.263] _ui64tow_s (in: _Value=0xf14, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3860") returned 0x0 [0167.308] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3860") returned 4 [0167.309] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.309] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.328] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf14) returned 0x280 [0167.328] GetLastError () returned 0x0 [0167.328] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.329] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e9018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.329] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.329] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.329] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.331] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.343] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.344] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e9020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.344] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.344] malloc (_Size=0x6c) returned 0x2e29e534e70 [0167.344] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.345] free (_Block=0x2e29e534e70) [0167.346] CloseHandle (hObject=0x280) returned 1 [0167.347] _ui64tow_s (in: _Value=0xf1c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3868") returned 0x0 [0167.352] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3868") returned 4 [0167.353] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.353] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.392] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x280 [0167.392] GetLastError () returned 0x0 [0167.392] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.392] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5fc018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.392] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.393] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x271cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.393] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2718f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.394] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.396] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.396] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5fc020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.396] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.396] malloc (_Size=0x64) returned 0x2e29e52ff40 [0167.396] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x271954, lpBuffer=0x2e29e52ff40, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0167.397] free (_Block=0x2e29e52ff40) [0167.398] CloseHandle (hObject=0x280) returned 1 [0167.399] _ui64tow_s (in: _Value=0xf24, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3876") returned 0x0 [0167.405] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3876") returned 4 [0167.406] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.406] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.433] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x280 [0167.433] GetLastError () returned 0x0 [0167.433] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.434] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22c018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.434] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.434] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.434] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.436] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.437] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.437] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22c020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.437] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.438] malloc (_Size=0x7a) returned 0x2e29e534e70 [0167.438] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f196a, lpBuffer=0x2e29e534e70, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.439] free (_Block=0x2e29e534e70) [0167.440] CloseHandle (hObject=0x280) returned 1 [0167.440] _ui64tow_s (in: _Value=0xf3c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3900") returned 0x0 [0167.448] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3900") returned 4 [0167.450] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.450] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.471] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf3c) returned 0x280 [0167.471] GetLastError () returned 0x0 [0167.471] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.471] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2dc018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.471] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.471] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d1cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.472] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d18f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.474] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.475] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.475] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2dc020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.476] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.476] malloc (_Size=0x64) returned 0x2e29e52ffb0 [0167.476] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5d1954, lpBuffer=0x2e29e52ffb0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ffb0*, lpNumberOfBytesRead=0x0) returned 1 [0167.477] free (_Block=0x2e29e52ffb0) [0167.477] CloseHandle (hObject=0x280) returned 1 [0167.478] _ui64tow_s (in: _Value=0xf44, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3908") returned 0x0 [0167.482] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3908") returned 4 [0167.484] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.484] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.508] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf44) returned 0x280 [0167.508] GetLastError () returned 0x0 [0167.508] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.508] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x24b018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.508] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.509] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.509] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a18f8, lpBuffer=0xe35bf7c370, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.510] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.511] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.511] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x24b020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.512] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.512] malloc (_Size=0x6a) returned 0x2e29e534e70 [0167.512] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5a195a, lpBuffer=0x2e29e534e70, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.513] free (_Block=0x2e29e534e70) [0167.514] CloseHandle (hObject=0x280) returned 1 [0167.514] _ui64tow_s (in: _Value=0xf50, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3920") returned 0x0 [0167.520] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3920") returned 4 [0167.522] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.522] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.543] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf50) returned 0x280 [0167.543] GetLastError () returned 0x0 [0167.543] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.543] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x297018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.544] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.544] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.544] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f18f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.545] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.547] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.547] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x297020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.547] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.547] malloc (_Size=0x66) returned 0x2e29e5302c0 [0167.547] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4f1956, lpBuffer=0x2e29e5302c0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0167.548] free (_Block=0x2e29e5302c0) [0167.549] CloseHandle (hObject=0x280) returned 1 [0167.550] _ui64tow_s (in: _Value=0xf58, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3928") returned 0x0 [0167.561] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3928") returned 4 [0167.563] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.563] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.580] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf58) returned 0x280 [0167.580] GetLastError () returned 0x0 [0167.580] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.581] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2d6018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.581] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.581] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4d1c80, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.581] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4d18f8, lpBuffer=0xe35bf7c370, nSize=0x48, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.582] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.584] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.584] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2d6020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.584] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.584] malloc (_Size=0x50) returned 0x2e29e536080 [0167.584] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4d1940, lpBuffer=0x2e29e536080, nSize=0x4e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e536080*, lpNumberOfBytesRead=0x0) returned 1 [0167.585] free (_Block=0x2e29e536080) [0167.586] CloseHandle (hObject=0x280) returned 1 [0167.586] _ui64tow_s (in: _Value=0xf6c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3948") returned 0x0 [0167.592] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3948") returned 4 [0167.593] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.593] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.615] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf6c) returned 0x280 [0167.615] GetLastError () returned 0x0 [0167.615] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.615] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.616] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.616] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x601d50, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.616] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6018f8, lpBuffer=0xe35bf7c370, nSize=0x8c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.617] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.618] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.619] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x20d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.619] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x6012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.619] malloc (_Size=0x94) returned 0x2e29e534e70 [0167.619] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x601984, lpBuffer=0x2e29e534e70, nSize=0x92, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.619] free (_Block=0x2e29e534e70) [0167.620] CloseHandle (hObject=0x280) returned 1 [0167.621] _ui64tow_s (in: _Value=0xf78, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3960") returned 0x0 [0167.627] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3960") returned 4 [0167.629] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.629] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.651] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf78) returned 0x280 [0167.651] GetLastError () returned 0x0 [0167.652] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.652] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.652] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.652] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x511cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.652] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5118f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.653] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.655] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.655] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.655] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5112e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.655] malloc (_Size=0x74) returned 0x2e29e534e70 [0167.655] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x511964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.656] free (_Block=0x2e29e534e70) [0167.657] CloseHandle (hObject=0x280) returned 1 [0167.657] _ui64tow_s (in: _Value=0xf84, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3972") returned 0x0 [0167.663] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3972") returned 4 [0167.665] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.665] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.681] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf84) returned 0x280 [0167.681] GetLastError () returned 0x0 [0167.681] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.681] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3db018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.682] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.682] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x461cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.682] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4618f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.683] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.684] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.684] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3db020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.685] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4612e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.685] malloc (_Size=0x74) returned 0x2e29e534e70 [0167.685] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x461964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.685] free (_Block=0x2e29e534e70) [0167.686] CloseHandle (hObject=0x280) returned 1 [0167.687] _ui64tow_s (in: _Value=0xf8c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3980") returned 0x0 [0167.695] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3980") returned 4 [0167.696] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.696] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.714] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf8c) returned 0x280 [0167.714] GetLastError () returned 0x0 [0167.715] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.715] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x274018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.715] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.715] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x491cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.715] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4918f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.716] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.718] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.718] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x274020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.718] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.718] malloc (_Size=0x74) returned 0x2e29e534e70 [0167.718] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x491964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.719] free (_Block=0x2e29e534e70) [0167.719] CloseHandle (hObject=0x280) returned 1 [0167.720] _ui64tow_s (in: _Value=0xf9c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3996") returned 0x0 [0167.725] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3996") returned 4 [0167.726] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.726] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.745] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf9c) returned 0x280 [0167.745] GetLastError () returned 0x0 [0167.745] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.745] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x34d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.746] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.746] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x421cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.746] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4218f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.747] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.749] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.749] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x34d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.749] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4212e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.749] malloc (_Size=0x68) returned 0x2e29e52ff40 [0167.749] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x421958, lpBuffer=0x2e29e52ff40, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0167.750] free (_Block=0x2e29e52ff40) [0167.750] CloseHandle (hObject=0x280) returned 1 [0167.751] _ui64tow_s (in: _Value=0xfa4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4004") returned 0x0 [0167.757] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4004") returned 4 [0167.758] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.758] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.775] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfa4) returned 0x280 [0167.775] GetLastError () returned 0x0 [0167.775] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.775] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x270018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.776] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.776] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x471d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.776] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4718f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.777] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.778] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.778] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x270020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.778] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.779] malloc (_Size=0x86) returned 0x2e29e534e70 [0167.779] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x471976, lpBuffer=0x2e29e534e70, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.779] free (_Block=0x2e29e534e70) [0167.780] CloseHandle (hObject=0x280) returned 1 [0167.781] _ui64tow_s (in: _Value=0xfb4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4020") returned 0x0 [0167.791] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4020") returned 4 [0167.794] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.794] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.828] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfb4) returned 0x280 [0167.828] GetLastError () returned 0x0 [0167.828] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.828] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2d3018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.828] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.829] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.829] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.830] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.831] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.831] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2d3020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.831] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.831] malloc (_Size=0x6c) returned 0x2e29e534e70 [0167.831] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.832] free (_Block=0x2e29e534e70) [0167.833] CloseHandle (hObject=0x280) returned 1 [0167.833] _ui64tow_s (in: _Value=0xfbc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4028") returned 0x0 [0167.838] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4028") returned 4 [0167.840] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.840] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.858] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x280 [0167.858] GetLastError () returned 0x0 [0167.858] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.858] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3a7018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.858] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.859] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x521d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.859] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5218f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.860] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.863] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.863] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3a7020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.863] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5212e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.863] malloc (_Size=0x86) returned 0x2e29e534e70 [0167.863] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x521976, lpBuffer=0x2e29e534e70, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.864] free (_Block=0x2e29e534e70) [0167.865] CloseHandle (hObject=0x280) returned 1 [0167.865] _ui64tow_s (in: _Value=0xfd0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4048") returned 0x0 [0167.871] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4048") returned 4 [0167.872] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.872] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.912] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfd0) returned 0x280 [0167.912] GetLastError () returned 0x0 [0167.912] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.912] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x547018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.912] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.912] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e1c70, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.913] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e18f8, lpBuffer=0xe35bf7c370, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.914] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.915] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.915] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x547020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.915] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.915] malloc (_Size=0x4a) returned 0x2e29e535900 [0167.915] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e193a, lpBuffer=0x2e29e535900, nSize=0x48, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e535900*, lpNumberOfBytesRead=0x0) returned 1 [0167.916] free (_Block=0x2e29e535900) [0167.916] CloseHandle (hObject=0x280) returned 1 [0167.918] _ui64tow_s (in: _Value=0xfd8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4056") returned 0x0 [0167.925] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4056") returned 4 [0167.926] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.926] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.943] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfd8) returned 0x280 [0167.943] GetLastError () returned 0x0 [0167.943] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.943] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x226018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.944] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.944] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x471cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.944] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4718f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.945] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.946] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.946] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x226020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.946] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.946] malloc (_Size=0x66) returned 0x2e29e5302c0 [0167.947] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x471956, lpBuffer=0x2e29e5302c0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5302c0*, lpNumberOfBytesRead=0x0) returned 1 [0167.947] free (_Block=0x2e29e5302c0) [0167.948] CloseHandle (hObject=0x280) returned 1 [0167.953] _ui64tow_s (in: _Value=0xfe8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4072") returned 0x0 [0167.957] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4072") returned 4 [0167.958] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.958] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0167.975] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfe8) returned 0x280 [0167.975] GetLastError () returned 0x0 [0167.975] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0167.975] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x515018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0167.975] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0167.976] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x231d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0167.976] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2318f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0167.977] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0167.978] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0167.978] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x515020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0167.978] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2312e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0167.978] malloc (_Size=0x76) returned 0x2e29e534e70 [0167.978] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x231966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0167.979] free (_Block=0x2e29e534e70) [0167.980] CloseHandle (hObject=0x280) returned 1 [0167.981] _ui64tow_s (in: _Value=0xff0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4080") returned 0x0 [0167.986] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4080") returned 4 [0167.987] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0167.987] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.009] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xff0) returned 0x280 [0168.009] GetLastError () returned 0x0 [0168.009] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.009] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3d1018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.009] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.010] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.010] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.012] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.014] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.014] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3d1020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.014] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.014] malloc (_Size=0x7e) returned 0x2e29e534e70 [0168.014] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x45196e, lpBuffer=0x2e29e534e70, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.015] free (_Block=0x2e29e534e70) [0168.016] CloseHandle (hObject=0x280) returned 1 [0168.016] _ui64tow_s (in: _Value=0xffc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4092") returned 0x0 [0168.023] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4092") returned 4 [0168.024] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.025] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xffc) returned 0x280 [0168.049] GetLastError () returned 0x0 [0168.049] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.049] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.050] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.050] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.050] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.052] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.053] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.053] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x26f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.053] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.054] malloc (_Size=0x6c) returned 0x2e29e534e70 [0168.054] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1c195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.054] free (_Block=0x2e29e534e70) [0168.055] CloseHandle (hObject=0x280) returned 1 [0168.128] _ui64tow_s (in: _Value=0x1004, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4100") returned 0x0 [0168.134] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4100") returned 4 [0168.136] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.136] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.158] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1004) returned 0x280 [0168.158] GetLastError () returned 0x0 [0168.158] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.159] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x25e018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.159] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.159] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.159] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5018f8, lpBuffer=0xe35bf7c370, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.160] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.162] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.162] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x25e020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.162] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.162] malloc (_Size=0x6e) returned 0x2e29e534e70 [0168.162] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x50195e, lpBuffer=0x2e29e534e70, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.163] free (_Block=0x2e29e534e70) [0168.164] CloseHandle (hObject=0x280) returned 1 [0168.164] _ui64tow_s (in: _Value=0x1014, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4116") returned 0x0 [0168.199] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4116") returned 4 [0168.200] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.200] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.221] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1014) returned 0x280 [0168.221] GetLastError () returned 0x0 [0168.221] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.221] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x321018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.222] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.222] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x571d40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.222] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5718f8, lpBuffer=0xe35bf7c370, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.223] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.225] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.225] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x321020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.225] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.225] malloc (_Size=0x90) returned 0x2e29e534e70 [0168.226] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x571980, lpBuffer=0x2e29e534e70, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.226] free (_Block=0x2e29e534e70) [0168.228] CloseHandle (hObject=0x280) returned 1 [0168.228] _ui64tow_s (in: _Value=0x101c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4124") returned 0x0 [0168.277] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4124") returned 4 [0168.279] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.279] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.296] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x101c) returned 0x280 [0168.296] GetLastError () returned 0x0 [0168.296] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.296] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x21f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.296] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.296] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x481d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.296] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4818f8, lpBuffer=0xe35bf7c370, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.297] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.299] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.299] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x21f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.299] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.299] malloc (_Size=0x80) returned 0x2e29e534e70 [0168.299] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x481970, lpBuffer=0x2e29e534e70, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.300] free (_Block=0x2e29e534e70) [0168.301] CloseHandle (hObject=0x280) returned 1 [0168.301] _ui64tow_s (in: _Value=0x1030, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4144") returned 0x0 [0168.306] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4144") returned 4 [0168.354] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.354] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.370] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1030) returned 0x280 [0168.370] GetLastError () returned 0x0 [0168.370] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.370] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x29d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.370] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.371] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451d50, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.371] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x8a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.372] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.373] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.373] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x29d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.373] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.373] malloc (_Size=0x92) returned 0x2e29e534e70 [0168.373] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x451982, lpBuffer=0x2e29e534e70, nSize=0x90, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.374] free (_Block=0x2e29e534e70) [0168.374] CloseHandle (hObject=0x280) returned 1 [0168.375] _ui64tow_s (in: _Value=0x1038, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4152") returned 0x0 [0168.379] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4152") returned 4 [0168.380] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.380] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.397] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1038) returned 0x280 [0168.397] GetLastError () returned 0x0 [0168.397] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.397] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2f5018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.397] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.398] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e1d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.398] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e18f8, lpBuffer=0xe35bf7c370, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.399] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.400] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.400] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2f5020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.400] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.400] malloc (_Size=0x8a) returned 0x2e29e534e70 [0168.400] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1e197a, lpBuffer=0x2e29e534e70, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.401] free (_Block=0x2e29e534e70) [0168.442] CloseHandle (hObject=0x280) returned 1 [0168.442] _ui64tow_s (in: _Value=0x1048, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4168") returned 0x0 [0168.446] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4168") returned 4 [0168.448] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.448] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.466] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1048) returned 0x280 [0168.466] GetLastError () returned 0x0 [0168.466] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.466] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22b018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.466] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.467] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.467] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.468] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.469] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x22b020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.469] malloc (_Size=0x76) returned 0x2e29e534e70 [0168.469] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5f1966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.470] free (_Block=0x2e29e534e70) [0168.471] CloseHandle (hObject=0x280) returned 1 [0168.471] _ui64tow_s (in: _Value=0x1054, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4180") returned 0x0 [0168.476] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4180") returned 4 [0168.477] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.477] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.524] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1054) returned 0x280 [0168.524] GetLastError () returned 0x0 [0168.524] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.524] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3f6018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.525] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.525] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.525] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5018f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.526] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.528] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.528] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x3f6020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.528] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.528] malloc (_Size=0x74) returned 0x2e29e534e70 [0168.528] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x501964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.529] free (_Block=0x2e29e534e70) [0168.530] CloseHandle (hObject=0x280) returned 1 [0168.530] _ui64tow_s (in: _Value=0x105c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4188") returned 0x0 [0168.534] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4188") returned 4 [0168.535] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.535] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.552] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x105c) returned 0x280 [0168.552] GetLastError () returned 0x0 [0168.552] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.552] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x517018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.552] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.553] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.553] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d18f8, lpBuffer=0xe35bf7c370, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.554] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.555] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x517020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.555] malloc (_Size=0x84) returned 0x2e29e534e70 [0168.555] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1d1974, lpBuffer=0x2e29e534e70, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.556] free (_Block=0x2e29e534e70) [0168.557] CloseHandle (hObject=0x280) returned 1 [0168.596] _ui64tow_s (in: _Value=0x1134, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4404") returned 0x0 [0168.600] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4404") returned 4 [0168.601] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.601] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.617] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1134) returned 0x280 [0168.617] GetLastError () returned 0x0 [0168.618] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.618] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x277018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.618] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.618] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x511e40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.618] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5119f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.619] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.621] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.621] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x277020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.621] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x5113e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.621] malloc (_Size=0xbc) returned 0x2e29e534e70 [0168.621] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x511a64, lpBuffer=0x2e29e534e70, nSize=0xba, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.622] free (_Block=0x2e29e534e70) [0168.622] CloseHandle (hObject=0x280) returned 1 [0168.623] _ui64tow_s (in: _Value=0x1184, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4484") returned 0x0 [0168.627] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4484") returned 4 [0168.628] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.628] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.683] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1184) returned 0x280 [0168.683] GetLastError () returned 0x0 [0168.683] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.683] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xe35ba50018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.683] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.683] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e29dc41bd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.683] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e29dc41818, lpBuffer=0xe35bf7c370, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.684] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.685] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.685] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xe35ba50020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.685] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e29dc41200, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.685] malloc (_Size=0x76) returned 0x2e29e5331b0 [0168.685] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2e29dc41864, lpBuffer=0x2e29e5331b0, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0168.686] free (_Block=0x2e29e5331b0) [0168.688] CloseHandle (hObject=0x280) returned 1 [0168.688] _ui64tow_s (in: _Value=0x12ec, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4844") returned 0x0 [0168.692] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4844") returned 4 [0168.694] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.694] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.709] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12ec) returned 0x280 [0168.709] GetLastError () returned 0x0 [0168.709] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.709] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xef057d7018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.709] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.709] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2779aa01c60, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.710] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2779aa018c8, lpBuffer=0xe35bf7c370, nSize=0x48, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.710] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.711] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.712] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xef057d7020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.712] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2779aa012b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.712] malloc (_Size=0x54) returned 0x2e29e5580c0 [0168.712] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2779aa01910, lpBuffer=0x2e29e5580c0, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5580c0*, lpNumberOfBytesRead=0x0) returned 1 [0168.713] free (_Block=0x2e29e5580c0) [0168.716] CloseHandle (hObject=0x280) returned 1 [0168.717] _ui64tow_s (in: _Value=0x1094, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4244") returned 0x0 [0168.789] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4244") returned 4 [0168.792] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.792] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.810] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1094) returned 0x0 [0168.810] CloseHandle (hObject=0x0) returned 0 [0168.810] _ui64tow_s (in: _Value=0x234, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="564") returned 0x0 [0168.815] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="564") returned 3 [0168.816] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.816] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.832] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x234) returned 0x280 [0168.832] GetLastError () returned 0x0 [0168.832] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.832] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2da018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.832] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.832] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f1d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.833] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f1918, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.839] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.840] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.840] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x2da020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.840] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f1300, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.840] malloc (_Size=0x72) returned 0x2e29e534e70 [0168.840] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x1f1984, lpBuffer=0x2e29e534e70, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.841] free (_Block=0x2e29e534e70) [0168.843] CloseHandle (hObject=0x280) returned 1 [0168.845] _ui64tow_s (in: _Value=0x1284, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4740") returned 0x0 [0168.856] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4740") returned 4 [0168.858] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0168.858] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0168.890] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1284) returned 0x280 [0168.890] GetLastError () returned 0x0 [0168.890] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0168.890] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xefb981f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0168.891] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0168.891] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x27dfbe03670, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0168.891] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x27dfbe032b4, lpBuffer=0xe35bf7c370, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0168.892] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0168.893] NtQueryInformationProcess (in: ProcessHandle=0x280, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0168.893] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0xefb981f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0168.894] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x27dfbe02c20, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0168.894] malloc (_Size=0xda) returned 0x2e29e534e70 [0168.894] ReadProcessMemory (in: hProcess=0x280, lpBaseAddress=0x27dfbe0330a, lpBuffer=0x2e29e534e70, nSize=0xd8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0168.894] free (_Block=0x2e29e534e70) [0168.895] CloseHandle (hObject=0x280) returned 1 [0168.897] free (_Block=0x2e29e537160) [0168.910] malloc (_Size=0x48) returned 0x2e29e52c5c0 [0168.910] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bf7d4c0 | out: lpSystemTimeAsFileTime=0xe35bf7d4c0*(dwLowDateTime=0x4e149ce0, dwHighDateTime=0x1d9d730)) [0168.911] SetEvent (hEvent=0x258) returned 1 [0168.921] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x4) returned 0x2e29dc682d0 [0168.921] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2e29dc682d0, pulNumLanguages=0xe35bf7dfb0 | out: pulNumLanguages=0xe35bf7dfb0) returned 1 [0168.921] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dc682d0) returned 1 [0168.921] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dc683c0) returned 1 [0169.416] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0169.486] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0169.486] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe35bf7df08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe35bf7de00 | out: pulNumLanguages=0xe35bf7df08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe35bf7de00) returned 1 [0169.486] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x8) returned 0x2e29dc682d0 [0169.486] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0169.486] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe35bf7df08, pwszLanguagesBuffer=0x2e29dc682d0, pcchLanguagesBuffer=0xe35bf7de00 | out: pulNumLanguages=0xe35bf7df08, pwszLanguagesBuffer=0x2e29dc682d0, pcchLanguagesBuffer=0xe35bf7de00) returned 1 [0169.486] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x8) returned 0x2e29dc68310 [0169.486] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dc682d0) returned 1 [0169.486] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x14) returned 0x2e29dca7c90 [0169.486] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2e29dca7c90, pulNumLanguages=0xe35bf7df08 | out: pulNumLanguages=0xe35bf7df08) returned 1 [0169.486] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dca7c90) returned 1 [0169.489] malloc (_Size=0x600) returned 0x2e29e558180 [0169.489] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0xe35bf7d5e8 | out: Buffer=0x0, ReturnedLength=0xe35bf7d5e8) returned 0 [0169.489] GetLastError () returned 0x7a [0169.490] malloc (_Size=0x250) returned 0x2e29e536d60 [0169.490] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x2e29e536d60, ReturnedLength=0xe35bf7d5e8 | out: Buffer=0x2e29e536d60, ReturnedLength=0xe35bf7d5e8) returned 1 [0169.490] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0169.490] GetMaximumProcessorGroupCount () returned 0x1 [0169.490] malloc (_Size=0x40) returned 0x2e29e52ca20 [0169.490] malloc (_Size=0x40) returned 0x2e29e52ca70 [0169.490] malloc (_Size=0x8) returned 0x2e29e536cf0 [0169.490] memcpy (in: _Dst=0x2e29e52ca20, _Src=0x2e29e536d80, _Size=0x10 | out: _Dst=0x2e29e52ca20) returned 0x2e29e52ca20 [0169.497] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0169.497] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0xe35bf7d5e0, InputBufferLength=0x2, OutputBuffer=0x2e29e558180, OutputBufferLength=0x60 | out: OutputBuffer=0x2e29e558180) returned 0x0 [0169.497] _vsnwprintf (in: _Buffer=0xe35bf7d480, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xe35bf7cd78 | out: _Buffer="CPU0") returned 4 [0169.499] GetCurrentThread () returned 0xfffffffffffffffe [0169.499] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xe35bf7ccd0, PreviousGroupAffinity=0xe35bf7cce0 | out: PreviousGroupAffinity=0xe35bf7cce0) returned 1 [0169.499] GetSystemInfo (in: lpSystemInfo=0xe35bf7ce10 | out: lpSystemInfo=0xe35bf7ce10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x6a06)) [0169.499] mbstowcs (in: _Dest=0xe35bf7d098, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0169.499] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0169.501] mbstowcs (in: _Dest=0xe35bf7cf08, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0169.501] GetCurrentThread () returned 0xfffffffffffffffe [0169.501] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xe35bf7cce0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0169.506] LoadStringW (in: hInstance=0x7ffa5f360000, uID=0x2c, lpBuffer=0xe35bf7cae0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0172.220] malloc (_Size=0x35140) returned 0x2e29e55a1c0 [0172.232] _wtoi (_String="238") returned 238 [0172.232] _wtoi (_String="6") returned 6 [0172.232] _itow (in: _Dest=0x0, _Radix=1542968240 | out: _Dest=0x0) returned="0" [0172.232] _itow (in: _Dest=0xee, _Radix=1542966528 | out: _Dest=0xee) returned="238" [0172.233] malloc (_Size=0x4000) returned 0x2e29e58f310 [0172.233] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x2e29e58f310, lpcbData=0xe35bf7ccd4*=0x4000 | out: lpType=0x0, lpData=0x2e29e58f310*=0x50, lpcbData=0xe35bf7ccd4*=0x600) returned 0x0 [0172.257] free (_Block=0x2e29e58f310) [0172.257] Sleep (dwMilliseconds=0x3e8) [0173.264] _itow (in: _Dest=0xee, _Radix=1542966528 | out: _Dest=0xee) returned="238" [0173.264] malloc (_Size=0x4000) returned 0x2e29e58f310 [0173.264] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x2e29e58f310, lpcbData=0xe35bf7ccd4*=0x4000 | out: lpType=0x0, lpData=0x2e29e58f310*=0x50, lpcbData=0xe35bf7ccd4*=0x600) returned 0x0 [0173.324] free (_Block=0x2e29e58f310) [0173.327] free (_Block=0x2e29e55a1c0) [0173.335] _vsnwprintf (in: _Buffer=0xe35bf7d3b0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0xe35bf7cd78 | out: _Buffer="0F8BFBFF000606A6") returned 16 [0173.339] lstrlenW (lpString=" 0") returned 2 [0173.339] lstrlenW (lpString="Intel(R) Xeon(R) Silver 4314 CPU @ 2.40GHz") returned 42 [0173.340] lstrlenW (lpString="") returned 0 [0173.340] lstrlenW (lpString="") returned 0 [0173.341] lstrlenW (lpString="") returned 0 [0173.344] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0173.345] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0173.346] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0173.346] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0173.346] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0173.346] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0173.346] _vsnwprintf (in: _Buffer=0xe35bf7d670, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xe35bf7d5b8 | out: _Buffer="CPU0") returned 4 [0173.348] free (_Block=0x2e29e536cf0) [0173.348] free (_Block=0x2e29e52ca70) [0173.348] free (_Block=0x2e29e52ca20) [0173.349] free (_Block=0x2e29e536d60) [0173.349] free (_Block=0x2e29e558180) [0173.402] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x4) returned 0x2e29dd09210 [0173.403] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2e29dd09210, pulNumLanguages=0xe35bf7dfb0 | out: pulNumLanguages=0xe35bf7dfb0) returned 1 [0173.403] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dd09210) returned 1 [0173.403] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dc68310) returned 1 [0173.669] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0173.886] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0178.216] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0178.326] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0178.327] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe35bf7dde0 | out: pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xe35bf7dde0) returned 1 [0178.327] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x8) returned 0x2e29dd09460 [0178.327] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0178.327] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x2e29dd09460, pcchLanguagesBuffer=0xe35bf7dde0 | out: pulNumLanguages=0xe35bf7dee8, pwszLanguagesBuffer=0x2e29dd09460, pcchLanguagesBuffer=0xe35bf7dde0) returned 1 [0178.327] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x8) returned 0x2e29dd093a0 [0178.327] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dd09460) returned 1 [0178.327] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x14) returned 0x2e29dca7a90 [0178.327] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2e29dca7a90, pulNumLanguages=0xe35bf7dee8 | out: pulNumLanguages=0xe35bf7dee8) returned 1 [0178.327] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dca7a90) returned 1 [0178.384] SetEvent (hEvent=0x258) returned 1 [0178.385] free (_Block=0x2e29e52c5c0) [0178.385] GetCurrentThread () returned 0xfffffffffffffffe [0178.385] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x28, OpenAsSelf=1, TokenHandle=0xe35bf7d450 | out: TokenHandle=0xe35bf7d450*=0x274) returned 1 [0178.385] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xe35bf7d48c | out: lpLuid=0xe35bf7d48c*(LowPart=0x14, HighPart=0)) returned 1 [0178.386] RtlRestoreLastWin32Error () returned 0xe35ba61000 [0178.386] AdjustTokenPrivileges (in: TokenHandle=0x274, DisableAllPrivileges=0, NewState=0xe35bf7d488*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0178.386] GetLastError () returned 0x0 [0178.386] CloseHandle (hObject=0x274) returned 1 [0178.387] malloc (_Size=0x8000) returned 0x2e29e537160 [0178.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e537160, Length=0x8000, ResultLength=0x0 | out: SystemInformation=0x2e29e537160, ResultLength=0x0) returned 0xc0000004 [0178.388] free (_Block=0x2e29e537160) [0178.390] malloc (_Size=0x10000) returned 0x2e29e537160 [0178.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e537160, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e29e537160, ResultLength=0x0) returned 0xc0000004 [0178.393] free (_Block=0x2e29e537160) [0178.395] malloc (_Size=0x18000) returned 0x2e29e537160 [0178.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e537160, Length=0x18000, ResultLength=0x0 | out: SystemInformation=0x2e29e537160, ResultLength=0x0) returned 0xc0000004 [0178.403] free (_Block=0x2e29e537160) [0178.403] malloc (_Size=0x20000) returned 0x2e29e537160 [0178.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e29e537160, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x2e29e537160, ResultLength=0x0) returned 0x0 [0178.460] _ui64tow_s (in: _Value=0x0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="0") returned 0x0 [0178.465] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="0") returned 1 [0178.466] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x33, dwBuildNumber=0x0, dwPlatformId=0x6, szCSDVersion="\n") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.466] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.484] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0178.484] CloseHandle (hObject=0x0) returned 0 [0178.485] _ui64tow_s (in: _Value=0x4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4") returned 0x0 [0178.489] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4") returned 1 [0178.491] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.491] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.545] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0178.545] CloseHandle (hObject=0x0) returned 0 [0178.546] _ui64tow_s (in: _Value=0x134, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="308") returned 0x0 [0178.550] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="308") returned 3 [0178.551] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.551] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.567] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x134) returned 0x0 [0178.567] CloseHandle (hObject=0x0) returned 0 [0178.568] _ui64tow_s (in: _Value=0x180, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="384") returned 0x0 [0178.572] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="384") returned 3 [0178.573] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.573] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.598] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x180) returned 0x0 [0178.598] CloseHandle (hObject=0x0) returned 0 [0178.599] _ui64tow_s (in: _Value=0x1bc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="444") returned 0x0 [0178.603] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="444") returned 3 [0178.604] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.604] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.620] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1bc) returned 0x0 [0178.621] CloseHandle (hObject=0x0) returned 0 [0178.621] _ui64tow_s (in: _Value=0x1c4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="452") returned 0x0 [0178.627] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="452") returned 3 [0178.628] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.628] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.645] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1c4) returned 0x0 [0178.645] CloseHandle (hObject=0x0) returned 0 [0178.645] _ui64tow_s (in: _Value=0x1f8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="504") returned 0x0 [0178.650] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="504") returned 3 [0178.651] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.651] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.668] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1f8) returned 0x274 [0178.668] GetLastError () returned 0x0 [0178.668] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.668] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xff2cd3018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.668] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.668] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x12f29b416a0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.668] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x12f29b413b0, lpBuffer=0xe35bf7c370, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.669] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.671] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.671] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xff2cd3020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.671] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x12f29b40d90, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.671] malloc (_Size=0x1c) returned 0x2e29e559f10 [0178.671] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x12f29b413f2, lpBuffer=0x2e29e559f10, nSize=0x1a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e559f10*, lpNumberOfBytesRead=0x0) returned 1 [0178.671] free (_Block=0x2e29e559f10) [0178.673] CloseHandle (hObject=0x274) returned 1 [0178.673] _ui64tow_s (in: _Value=0x210, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="528") returned 0x0 [0178.678] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="528") returned 3 [0178.679] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.679] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.695] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x210) returned 0x0 [0178.695] CloseHandle (hObject=0x0) returned 0 [0178.696] _ui64tow_s (in: _Value=0x218, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="536") returned 0x0 [0178.701] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="536") returned 3 [0178.702] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.702] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.723] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x218) returned 0x274 [0178.723] GetLastError () returned 0x0 [0178.723] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.723] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x70fe507018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.723] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.723] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2210d6032b0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.723] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2210d602f08, lpBuffer=0xe35bf7c370, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.724] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.725] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.726] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x70fe507020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.726] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2210d6028f0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.726] malloc (_Size=0x3e) returned 0x2e29e52ca20 [0178.726] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2210d602f44, lpBuffer=0x2e29e52ca20, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.726] free (_Block=0x2e29e52ca20) [0178.727] CloseHandle (hObject=0x274) returned 1 [0178.728] _ui64tow_s (in: _Value=0x270, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="624") returned 0x0 [0178.732] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="624") returned 3 [0178.734] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.734] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.752] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x270) returned 0x274 [0178.752] GetLastError () returned 0x0 [0178.752] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.753] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4bd4bbe018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.753] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.753] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x218a64033e0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.753] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x218a6403048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.754] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.755] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.755] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4bd4bbe020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.755] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x218a6402a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.755] malloc (_Size=0x5e) returned 0x2e29e530090 [0178.755] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x218a6403088, lpBuffer=0x2e29e530090, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530090*, lpNumberOfBytesRead=0x0) returned 1 [0178.756] free (_Block=0x2e29e530090) [0178.757] CloseHandle (hObject=0x274) returned 1 [0178.758] _ui64tow_s (in: _Value=0x290, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="656") returned 0x0 [0178.762] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="656") returned 3 [0178.763] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.763] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.779] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x290) returned 0x274 [0178.779] GetLastError () returned 0x0 [0178.779] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.779] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xeb3c623018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.779] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.779] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22b56103450, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.780] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22b561030c8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.781] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.782] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.782] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xeb3c623020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.782] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22b56102ab0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.782] malloc (_Size=0x54) returned 0x2e29e5572e0 [0178.782] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22b56103108, lpBuffer=0x2e29e5572e0, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5572e0*, lpNumberOfBytesRead=0x0) returned 1 [0178.783] free (_Block=0x2e29e5572e0) [0178.784] CloseHandle (hObject=0x274) returned 1 [0178.784] _ui64tow_s (in: _Value=0x328, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="808") returned 0x0 [0178.789] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="808") returned 3 [0178.790] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.790] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.806] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x328) returned 0x274 [0178.806] GetLastError () returned 0x0 [0178.807] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.807] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x68a768d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.807] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.807] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20fc12119f0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.807] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20fc12116e8, lpBuffer=0xe35bf7c370, nSize=0x38, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.808] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.809] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.809] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x68a768d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.809] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20fc12110d0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.810] malloc (_Size=0x16) returned 0x2e29e531b60 [0178.810] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20fc1211720, lpBuffer=0x2e29e531b60, nSize=0x14, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e531b60*, lpNumberOfBytesRead=0x0) returned 1 [0178.810] free (_Block=0x2e29e531b60) [0178.810] CloseHandle (hObject=0x274) returned 1 [0178.811] _ui64tow_s (in: _Value=0x358, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="856") returned 0x0 [0178.816] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="856") returned 3 [0178.818] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.818] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.834] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x358) returned 0x274 [0178.834] GetLastError () returned 0x0 [0178.834] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.834] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xe58887a018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.835] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.835] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28611e033e0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.835] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28611e03048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.836] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.837] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.838] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xe58887a020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.838] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28611e02a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.838] malloc (_Size=0x58) returned 0x2e29e5573a0 [0178.838] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28611e03088, lpBuffer=0x2e29e5573a0, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5573a0*, lpNumberOfBytesRead=0x0) returned 1 [0178.839] free (_Block=0x2e29e5573a0) [0178.839] CloseHandle (hObject=0x274) returned 1 [0178.840] _ui64tow_s (in: _Value=0x368, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="872") returned 0x0 [0178.845] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="872") returned 3 [0178.846] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.846] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.865] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x368) returned 0x274 [0178.865] GetLastError () returned 0x0 [0178.866] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.866] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xb23a8e3018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.866] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.866] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x25329703480, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.866] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x253297030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.867] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.868] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.868] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xb23a8e3020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.869] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x25329702ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.869] malloc (_Size=0x74) returned 0x2e29e5331b0 [0178.869] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x25329703118, lpBuffer=0x2e29e5331b0, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0178.869] free (_Block=0x2e29e5331b0) [0178.870] CloseHandle (hObject=0x274) returned 1 [0178.871] _ui64tow_s (in: _Value=0x38c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="908") returned 0x0 [0178.875] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="908") returned 3 [0178.876] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.876] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.892] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x38c) returned 0x274 [0178.892] GetLastError () returned 0x0 [0178.893] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.893] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x849e247018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.893] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.893] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a5e3103490, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.893] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a5e31030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.894] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.895] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.895] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x849e247020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.895] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a5e3102ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.896] malloc (_Size=0x84) returned 0x2e29e5331b0 [0178.896] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a5e3103118, lpBuffer=0x2e29e5331b0, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0178.896] free (_Block=0x2e29e5331b0) [0178.897] CloseHandle (hObject=0x274) returned 1 [0178.898] _ui64tow_s (in: _Value=0x39c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="924") returned 0x0 [0178.902] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="924") returned 3 [0178.903] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.903] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.943] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x39c) returned 0x274 [0178.943] GetLastError () returned 0x0 [0178.943] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.943] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xd3ae96018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.943] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.944] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e9d3f03490, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.944] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e9d3f030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.945] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.946] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.946] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xd3ae96020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.946] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e9d3f02ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.947] malloc (_Size=0x86) returned 0x2e29e5331b0 [0178.947] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e9d3f03118, lpBuffer=0x2e29e5331b0, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0178.947] free (_Block=0x2e29e5331b0) [0178.948] CloseHandle (hObject=0x274) returned 1 [0178.949] _ui64tow_s (in: _Value=0x3fc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1020") returned 0x0 [0178.953] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1020") returned 4 [0178.954] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.955] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0178.974] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3fc) returned 0x274 [0178.974] GetLastError () returned 0x0 [0178.974] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0178.974] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x71b3034018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0178.974] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0178.974] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26426003470, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0178.976] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x264260030d8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0178.978] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0178.980] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0178.980] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x71b3034020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0178.980] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26426002ac0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0178.981] malloc (_Size=0x62) returned 0x2e29e52fed0 [0178.981] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26426003118, lpBuffer=0x2e29e52fed0, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0178.981] free (_Block=0x2e29e52fed0) [0178.982] CloseHandle (hObject=0x274) returned 1 [0178.983] _ui64tow_s (in: _Value=0x1b8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="440") returned 0x0 [0178.990] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="440") returned 3 [0178.991] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0178.991] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.027] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b8) returned 0x274 [0179.027] GetLastError () returned 0x0 [0179.027] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.027] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xb4bbe3c018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.027] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.028] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f146e03400, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.028] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f146e03048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.029] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.030] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.030] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xb4bbe3c020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.030] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f146e02a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.030] malloc (_Size=0x82) returned 0x2e29e5331b0 [0179.030] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f146e03088, lpBuffer=0x2e29e5331b0, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0179.031] free (_Block=0x2e29e5331b0) [0179.032] CloseHandle (hObject=0x274) returned 1 [0179.033] _ui64tow_s (in: _Value=0x460, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1120") returned 0x0 [0179.041] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1120") returned 4 [0179.042] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.042] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.064] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x460) returned 0x274 [0179.064] GetLastError () returned 0x0 [0179.065] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.065] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x448f0b2018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.065] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.065] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e0ed903460, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.065] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e0ed9030c8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.071] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.072] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.072] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x448f0b2020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.072] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e0ed902ab0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.073] malloc (_Size=0x66) returned 0x2e29e530480 [0179.073] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e0ed903108, lpBuffer=0x2e29e530480, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0179.073] free (_Block=0x2e29e530480) [0179.074] CloseHandle (hObject=0x274) returned 1 [0179.075] _ui64tow_s (in: _Value=0x4d8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1240") returned 0x0 [0179.080] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1240") returned 4 [0179.082] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.084] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.104] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d8) returned 0x274 [0179.105] GetLastError () returned 0x0 [0179.105] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.105] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3ff018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.105] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.105] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e1b70, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.105] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e1818, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.106] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.107] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.107] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3ff020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.108] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e1200, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.108] malloc (_Size=0x42) returned 0x2e29e52c5c0 [0179.108] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e1858, lpBuffer=0x2e29e52c5c0, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52c5c0*, lpNumberOfBytesRead=0x0) returned 1 [0179.108] free (_Block=0x2e29e52c5c0) [0179.109] CloseHandle (hObject=0x274) returned 1 [0179.109] _ui64tow_s (in: _Value=0x580, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1408") returned 0x0 [0179.127] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1408") returned 4 [0179.131] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.131] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.149] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x580) returned 0x274 [0179.149] GetLastError () returned 0x0 [0179.150] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.150] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xada0213018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.150] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.150] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1eb702a1bf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.150] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1eb702a18c8, lpBuffer=0xe35bf7c370, nSize=0x3e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.151] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.152] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.152] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xada0213020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.152] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1eb702a12b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.153] malloc (_Size=0x18) returned 0x2e29e531f00 [0179.153] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1eb702a1906, lpBuffer=0x2e29e531f00, nSize=0x16, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e531f00*, lpNumberOfBytesRead=0x0) returned 1 [0179.153] free (_Block=0x2e29e531f00) [0179.154] CloseHandle (hObject=0x274) returned 1 [0179.154] _ui64tow_s (in: _Value=0x634, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1588") returned 0x0 [0179.159] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1588") returned 4 [0179.162] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.162] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.184] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x634) returned 0x274 [0179.184] GetLastError () returned 0x0 [0179.184] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.184] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x10d4688018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.184] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.185] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x15c5b9034a0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.185] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x15c5b9030e8, lpBuffer=0xe35bf7c370, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.186] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.187] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.187] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x10d4688020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.187] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x15c5b902ad0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.187] malloc (_Size=0x64) returned 0x2e29e52fed0 [0179.187] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x15c5b903134, lpBuffer=0x2e29e52fed0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0179.188] free (_Block=0x2e29e52fed0) [0179.189] CloseHandle (hObject=0x274) returned 1 [0179.190] _ui64tow_s (in: _Value=0x698, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1688") returned 0x0 [0179.196] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1688") returned 4 [0179.197] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.197] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.216] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x698) returned 0x274 [0179.216] GetLastError () returned 0x0 [0179.216] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.217] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x39e61be018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.217] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.217] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a332e033e0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.217] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a332e03048, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.218] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.219] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.219] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x39e61be020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.219] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a332e02a30, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.219] malloc (_Size=0x5a) returned 0x2e29e530330 [0179.220] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1a332e03088, lpBuffer=0x2e29e530330, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0179.220] free (_Block=0x2e29e530330) [0179.221] CloseHandle (hObject=0x274) returned 1 [0179.227] _ui64tow_s (in: _Value=0x7e8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2024") returned 0x0 [0179.232] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2024") returned 4 [0179.233] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.233] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.265] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7e8) returned 0x274 [0179.265] GetLastError () returned 0x0 [0179.265] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.265] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x39a018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.265] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.266] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a1c50, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.266] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a18e8, lpBuffer=0xe35bf7c370, nSize=0x30, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.267] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.271] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.271] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x39a020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.271] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a12d0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.272] malloc (_Size=0x32) returned 0x2e29e530870 [0179.272] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a1918, lpBuffer=0x2e29e530870, nSize=0x30, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530870*, lpNumberOfBytesRead=0x0) returned 1 [0179.273] free (_Block=0x2e29e530870) [0179.274] CloseHandle (hObject=0x274) returned 1 [0179.274] _ui64tow_s (in: _Value=0x2e0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="736") returned 0x0 [0179.281] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="736") returned 3 [0179.282] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.283] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.309] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2e0) returned 0x274 [0179.309] GetLastError () returned 0x0 [0179.309] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.309] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xa6def54018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.310] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.310] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x23ea7c31c70, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.310] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x23ea7c318c8, lpBuffer=0xe35bf7c370, nSize=0x44, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.311] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.312] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.312] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xa6def54020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.312] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x23ea7c312b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.312] malloc (_Size=0x6c) returned 0x2e29e5331b0 [0179.312] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x23ea7c3190c, lpBuffer=0x2e29e5331b0, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0179.313] free (_Block=0x2e29e5331b0) [0179.314] CloseHandle (hObject=0x274) returned 1 [0179.314] _ui64tow_s (in: _Value=0x8d4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2260") returned 0x0 [0179.321] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2260") returned 4 [0179.322] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.322] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.342] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d4) returned 0x274 [0179.342] GetLastError () returned 0x0 [0179.342] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.343] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1163c21018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.343] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.344] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c798303780, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.345] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c7983032e8, lpBuffer=0xe35bf7c370, nSize=0xa0, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.346] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.350] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.350] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1163c21020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.350] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c798302c60, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.351] malloc (_Size=0x118) returned 0x2e29e536d60 [0179.351] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c798303388, lpBuffer=0x2e29e536d60, nSize=0x116, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e536d60*, lpNumberOfBytesRead=0x0) returned 1 [0179.352] free (_Block=0x2e29e536d60) [0179.353] CloseHandle (hObject=0x274) returned 1 [0179.353] _ui64tow_s (in: _Value=0x934, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2356") returned 0x0 [0179.358] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2356") returned 4 [0179.359] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.359] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.377] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x934) returned 0x274 [0179.377] GetLastError () returned 0x0 [0179.378] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.381] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xc29bf78018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.381] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.382] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28460e03730, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.382] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28460e032b4, lpBuffer=0xe35bf7c370, nSize=0x96, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.384] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.385] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.385] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xc29bf78020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.386] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28460e02c20, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.387] malloc (_Size=0x11a) returned 0x2e29e534e70 [0179.387] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x28460e0334a, lpBuffer=0x2e29e534e70, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0179.388] free (_Block=0x2e29e534e70) [0179.388] CloseHandle (hObject=0x274) returned 1 [0179.389] _ui64tow_s (in: _Value=0x8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="8") returned 0x0 [0179.396] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="8") returned 1 [0179.397] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.397] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.414] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8) returned 0x274 [0179.415] GetLastError () returned 0x0 [0179.415] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.415] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x227ce00018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.415] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.415] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1db5b303490, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.415] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1db5b3030e8, lpBuffer=0xe35bf7c370, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.416] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.417] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.417] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x227ce00020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.417] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1db5b302ad0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.418] malloc (_Size=0x6a) returned 0x2e29e5331b0 [0179.418] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1db5b303128, lpBuffer=0x2e29e5331b0, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0179.419] free (_Block=0x2e29e5331b0) [0179.419] CloseHandle (hObject=0x274) returned 1 [0179.420] _ui64tow_s (in: _Value=0xae4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2788") returned 0x0 [0179.424] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2788") returned 4 [0179.476] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.476] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.495] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xae4) returned 0x274 [0179.495] GetLastError () returned 0x0 [0179.495] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.496] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2db7e47018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.496] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.496] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x17ffee61bd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.496] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x17ffee61818, lpBuffer=0xe35bf7c370, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.497] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.499] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.499] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2db7e47020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.499] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x17ffee61200, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.499] malloc (_Size=0x64) returned 0x2e29e530090 [0179.499] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x17ffee61864, lpBuffer=0x2e29e530090, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530090*, lpNumberOfBytesRead=0x0) returned 1 [0179.500] free (_Block=0x2e29e530090) [0179.501] CloseHandle (hObject=0x274) returned 1 [0179.501] _ui64tow_s (in: _Value=0xb40, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="2880") returned 0x0 [0179.509] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="2880") returned 4 [0179.510] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.510] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.530] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb40) returned 0x274 [0179.530] GetLastError () returned 0x0 [0179.530] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.531] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x100358018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.531] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.531] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1822c721c80, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.531] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1822c7218c8, lpBuffer=0xe35bf7c370, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.532] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.533] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.533] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x100358020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.534] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1822c7212b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.534] malloc (_Size=0x72) returned 0x2e29e5331b0 [0179.534] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1822c721922, lpBuffer=0x2e29e5331b0, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0179.535] free (_Block=0x2e29e5331b0) [0179.538] CloseHandle (hObject=0x274) returned 1 [0179.622] _ui64tow_s (in: _Value=0x4a8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1192") returned 0x0 [0179.626] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1192") returned 4 [0179.628] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x7b95ec4f, dwBuildNumber=0x7ffa, dwPlatformId=0x5bf7c920, szCSDVersion="ã") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.628] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.652] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a8) returned 0x274 [0179.652] GetLastError () returned 0x0 [0179.652] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.652] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x251d53018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.653] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.653] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x170b8103510, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.654] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x170b810312a, lpBuffer=0xe35bf7c370, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.655] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.656] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.657] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x251d53020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.657] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x170b8102ad0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.658] malloc (_Size=0xd6) returned 0x2e29e534e70 [0179.658] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x170b8103192, lpBuffer=0x2e29e534e70, nSize=0xd4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0179.724] free (_Block=0x2e29e534e70) [0179.725] CloseHandle (hObject=0x274) returned 1 [0179.726] _ui64tow_s (in: _Value=0x5e0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="1504") returned 0x0 [0179.730] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="1504") returned 4 [0179.732] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.732] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.751] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x0 [0179.751] CloseHandle (hObject=0x0) returned 0 [0179.751] _ui64tow_s (in: _Value=0xbf4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3060") returned 0x0 [0179.759] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3060") returned 4 [0179.760] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.760] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.806] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbf4) returned 0x274 [0179.806] GetLastError () returned 0x0 [0179.806] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.806] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xe8629e5018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.806] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.807] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x21503af1d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.807] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x21503af1948, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.808] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.809] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.809] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xe8629e5020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.809] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x21503af1330, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.809] malloc (_Size=0x7e) returned 0x2e29e534e70 [0179.810] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x21503af19a8, lpBuffer=0x2e29e534e70, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0179.810] free (_Block=0x2e29e534e70) [0179.811] CloseHandle (hObject=0x274) returned 1 [0179.811] _ui64tow_s (in: _Value=0xd40, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3392") returned 0x0 [0179.819] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3392") returned 4 [0179.820] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.820] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.865] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd40) returned 0x274 [0179.865] GetLastError () returned 0x0 [0179.865] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.865] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x301018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.865] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.865] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x601cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.865] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6018f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.866] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.867] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.868] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x301020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.868] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.868] malloc (_Size=0x68) returned 0x2e29e52fed0 [0179.868] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x601958, lpBuffer=0x2e29e52fed0, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0179.869] free (_Block=0x2e29e52fed0) [0179.869] CloseHandle (hObject=0x274) returned 1 [0179.870] _ui64tow_s (in: _Value=0xd48, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3400") returned 0x0 [0179.874] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3400") returned 4 [0179.875] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.875] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.896] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd48) returned 0x274 [0179.896] GetLastError () returned 0x0 [0179.897] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.897] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x230018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.897] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.897] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x781d40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.897] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7818f8, lpBuffer=0xe35bf7c370, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.898] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.899] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.899] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x230020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.900] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.900] malloc (_Size=0x8c) returned 0x2e29e534e70 [0179.900] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x78197c, lpBuffer=0x2e29e534e70, nSize=0x8a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0179.900] free (_Block=0x2e29e534e70) [0179.901] CloseHandle (hObject=0x274) returned 1 [0179.902] _ui64tow_s (in: _Value=0xd54, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3412") returned 0x0 [0179.906] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3412") returned 4 [0179.907] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.907] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.946] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd54) returned 0x274 [0179.946] GetLastError () returned 0x0 [0179.946] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.946] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x30b018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.947] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.947] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.947] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b18f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.948] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.949] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.949] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x30b020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.950] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.950] malloc (_Size=0x66) returned 0x2e29e530330 [0179.950] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b1956, lpBuffer=0x2e29e530330, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0179.950] free (_Block=0x2e29e530330) [0179.951] CloseHandle (hObject=0x274) returned 1 [0179.951] _ui64tow_s (in: _Value=0xd64, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3428") returned 0x0 [0179.956] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3428") returned 4 [0179.961] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.961] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0179.980] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd64) returned 0x274 [0179.980] GetLastError () returned 0x0 [0179.981] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0179.981] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x23f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0179.981] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0179.981] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x591d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0179.981] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5918f8, lpBuffer=0xe35bf7c370, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0179.982] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0179.983] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0179.983] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x23f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0179.984] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0179.984] malloc (_Size=0x80) returned 0x2e29e534e70 [0179.984] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x591970, lpBuffer=0x2e29e534e70, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0179.984] free (_Block=0x2e29e534e70) [0179.985] CloseHandle (hObject=0x274) returned 1 [0179.986] _ui64tow_s (in: _Value=0xd74, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3444") returned 0x0 [0179.993] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3444") returned 4 [0179.994] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0179.994] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.015] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd74) returned 0x274 [0180.015] GetLastError () returned 0x0 [0180.015] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.015] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x562018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.015] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.016] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x291d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.016] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2918f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.017] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.018] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.018] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x562020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.045] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.045] malloc (_Size=0x86) returned 0x2e29e534e70 [0180.045] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x291976, lpBuffer=0x2e29e534e70, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.046] free (_Block=0x2e29e534e70) [0180.046] CloseHandle (hObject=0x274) returned 1 [0180.047] _ui64tow_s (in: _Value=0xd80, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3456") returned 0x0 [0180.052] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3456") returned 4 [0180.053] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.053] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.082] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd80) returned 0x274 [0180.082] GetLastError () returned 0x0 [0180.082] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.087] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x437018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.087] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.087] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x251ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.088] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2518f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.090] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.091] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.092] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x437020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.092] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.092] malloc (_Size=0x6c) returned 0x2e29e534e70 [0180.092] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x25195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.093] free (_Block=0x2e29e534e70) [0180.094] CloseHandle (hObject=0x274) returned 1 [0180.094] _ui64tow_s (in: _Value=0xd8c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3468") returned 0x0 [0180.103] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3468") returned 4 [0180.104] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.104] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.122] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd8c) returned 0x274 [0180.122] GetLastError () returned 0x0 [0180.123] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.123] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x329018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.123] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.123] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4b1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.123] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4b18f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.124] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.125] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.125] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x329020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.126] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4b12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.126] malloc (_Size=0x68) returned 0x2e29e52fed0 [0180.126] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4b1958, lpBuffer=0x2e29e52fed0, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0180.126] free (_Block=0x2e29e52fed0) [0180.127] CloseHandle (hObject=0x274) returned 1 [0180.128] _ui64tow_s (in: _Value=0xd94, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3476") returned 0x0 [0180.135] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3476") returned 4 [0180.136] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.136] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.170] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd94) returned 0x274 [0180.170] GetLastError () returned 0x0 [0180.171] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.171] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x24c018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.171] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.171] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451d40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.172] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.173] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.174] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.174] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x24c020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.174] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.174] malloc (_Size=0x90) returned 0x2e29e534e70 [0180.174] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451980, lpBuffer=0x2e29e534e70, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.175] free (_Block=0x2e29e534e70) [0180.180] CloseHandle (hObject=0x274) returned 1 [0180.181] _ui64tow_s (in: _Value=0xd9c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3484") returned 0x0 [0180.186] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3484") returned 4 [0180.188] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.188] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.210] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd9c) returned 0x274 [0180.210] GetLastError () returned 0x0 [0180.211] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.211] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x206018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.211] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.211] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x571cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.211] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5718f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.212] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.213] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.213] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x206020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.213] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.214] malloc (_Size=0x66) returned 0x2e29e52fed0 [0180.214] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x571956, lpBuffer=0x2e29e52fed0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0180.214] free (_Block=0x2e29e52fed0) [0180.215] CloseHandle (hObject=0x274) returned 1 [0180.215] _ui64tow_s (in: _Value=0xdac, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3500") returned 0x0 [0180.220] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3500") returned 4 [0180.221] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.221] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.247] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdac) returned 0x274 [0180.248] GetLastError () returned 0x0 [0180.248] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.248] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.249] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.249] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x661cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.250] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6618f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.253] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.274] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.274] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.275] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6612e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.275] malloc (_Size=0x64) returned 0x2e29e530090 [0180.275] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x661954, lpBuffer=0x2e29e530090, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530090*, lpNumberOfBytesRead=0x0) returned 1 [0180.276] free (_Block=0x2e29e530090) [0180.277] CloseHandle (hObject=0x274) returned 1 [0180.278] _ui64tow_s (in: _Value=0xdb8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3512") returned 0x0 [0180.283] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3512") returned 4 [0180.284] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.284] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.311] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdb8) returned 0x274 [0180.311] GetLastError () returned 0x0 [0180.311] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.311] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x396018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.311] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.312] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c1ca0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.312] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c18f8, lpBuffer=0xe35bf7c370, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.313] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.314] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.314] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x396020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.315] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.315] malloc (_Size=0x5a) returned 0x2e29e530090 [0180.315] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c194a, lpBuffer=0x2e29e530090, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530090*, lpNumberOfBytesRead=0x0) returned 1 [0180.316] free (_Block=0x2e29e530090) [0180.320] CloseHandle (hObject=0x274) returned 1 [0180.320] _ui64tow_s (in: _Value=0xdc8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3528") returned 0x0 [0180.326] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3528") returned 4 [0180.327] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.327] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.373] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc8) returned 0x274 [0180.373] GetLastError () returned 0x0 [0180.374] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.374] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3b7018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.374] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.374] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.374] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d18f8, lpBuffer=0xe35bf7c370, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.376] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.378] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.456] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3b7020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.456] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.457] malloc (_Size=0x6e) returned 0x2e29e534e70 [0180.457] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d195e, lpBuffer=0x2e29e534e70, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.457] free (_Block=0x2e29e534e70) [0180.458] CloseHandle (hObject=0x274) returned 1 [0180.458] _ui64tow_s (in: _Value=0xdd0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3536") returned 0x0 [0180.463] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3536") returned 4 [0180.464] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.464] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.680] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdd0) returned 0x274 [0180.680] GetLastError () returned 0x0 [0180.680] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.680] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x221018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.681] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.681] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x481cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.681] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4818f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.682] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.683] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.683] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x221020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.683] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.683] malloc (_Size=0x68) returned 0x2e29e530330 [0180.683] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x481958, lpBuffer=0x2e29e530330, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0180.684] free (_Block=0x2e29e530330) [0180.685] CloseHandle (hObject=0x274) returned 1 [0180.686] _ui64tow_s (in: _Value=0xddc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3548") returned 0x0 [0180.690] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3548") returned 4 [0180.691] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.691] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.708] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xddc) returned 0x274 [0180.708] GetLastError () returned 0x0 [0180.708] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.708] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3f8018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.708] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.709] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.709] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x7a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.710] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.711] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.711] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3f8020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.711] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.711] malloc (_Size=0x82) returned 0x2e29e534e70 [0180.711] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1972, lpBuffer=0x2e29e534e70, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.712] free (_Block=0x2e29e534e70) [0180.713] CloseHandle (hObject=0x274) returned 1 [0180.713] _ui64tow_s (in: _Value=0xdec, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3564") returned 0x0 [0180.718] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3564") returned 4 [0180.719] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.719] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.788] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdec) returned 0x274 [0180.788] GetLastError () returned 0x0 [0180.788] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.789] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x302018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.789] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.789] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x691d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.789] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6918f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.790] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.791] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.791] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x302020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.791] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.792] malloc (_Size=0x86) returned 0x2e29e534e70 [0180.792] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x691976, lpBuffer=0x2e29e534e70, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.793] free (_Block=0x2e29e534e70) [0180.793] CloseHandle (hObject=0x274) returned 1 [0180.794] _ui64tow_s (in: _Value=0xdf8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3576") returned 0x0 [0180.798] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3576") returned 4 [0180.799] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.799] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.860] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdf8) returned 0x274 [0180.860] GetLastError () returned 0x0 [0180.860] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.861] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3c4018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.886] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.886] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.886] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a18f8, lpBuffer=0xe35bf7c370, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.887] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.889] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.889] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3c4020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.889] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.889] malloc (_Size=0x84) returned 0x2e29e534e70 [0180.889] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a1974, lpBuffer=0x2e29e534e70, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.903] free (_Block=0x2e29e534e70) [0180.942] CloseHandle (hObject=0x274) returned 1 [0180.942] _ui64tow_s (in: _Value=0xe04, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3588") returned 0x0 [0180.947] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3588") returned 4 [0180.948] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.948] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0180.967] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe04) returned 0x274 [0180.967] GetLastError () returned 0x0 [0180.968] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0180.968] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2fa018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0180.968] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0180.968] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0180.968] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0180.969] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0180.970] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0180.970] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2fa020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0180.970] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0180.971] malloc (_Size=0x76) returned 0x2e29e534e70 [0180.971] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0180.972] free (_Block=0x2e29e534e70) [0181.034] CloseHandle (hObject=0x274) returned 1 [0181.035] _ui64tow_s (in: _Value=0xe18, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3608") returned 0x0 [0181.039] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3608") returned 4 [0181.040] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.040] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.076] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe18) returned 0x274 [0181.076] GetLastError () returned 0x0 [0181.077] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.077] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2ce018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.077] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.077] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.077] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.078] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.079] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.079] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2ce020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.080] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.080] malloc (_Size=0x6c) returned 0x2e29e534e70 [0181.080] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5b195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.081] free (_Block=0x2e29e534e70) [0181.083] CloseHandle (hObject=0x274) returned 1 [0181.083] _ui64tow_s (in: _Value=0xe20, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3616") returned 0x0 [0181.087] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3616") returned 4 [0181.088] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.088] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.107] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe20) returned 0x274 [0181.107] GetLastError () returned 0x0 [0181.107] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.107] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x313018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.108] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.108] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.108] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.109] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.110] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.110] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x313020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.110] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.111] malloc (_Size=0x7a) returned 0x2e29e534e70 [0181.111] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x45196a, lpBuffer=0x2e29e534e70, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.112] free (_Block=0x2e29e534e70) [0181.114] CloseHandle (hObject=0x274) returned 1 [0181.114] _ui64tow_s (in: _Value=0xe2c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3628") returned 0x0 [0181.120] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3628") returned 4 [0181.122] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.122] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.143] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe2c) returned 0x274 [0181.143] GetLastError () returned 0x0 [0181.143] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.144] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x348018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.144] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.144] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e1cb0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.144] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e18f8, lpBuffer=0xe35bf7c370, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.145] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.146] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.146] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x348020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.147] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.147] malloc (_Size=0x60) returned 0x2e29e52ffb0 [0181.147] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e1950, lpBuffer=0x2e29e52ffb0, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ffb0*, lpNumberOfBytesRead=0x0) returned 1 [0181.148] free (_Block=0x2e29e52ffb0) [0181.149] CloseHandle (hObject=0x274) returned 1 [0181.149] _ui64tow_s (in: _Value=0xe3c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3644") returned 0x0 [0181.153] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3644") returned 4 [0181.155] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.155] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.174] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe3c) returned 0x274 [0181.174] GetLastError () returned 0x0 [0181.174] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.174] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e4018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.174] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.174] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.175] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.176] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.177] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.177] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e4020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.177] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.178] malloc (_Size=0x6c) returned 0x2e29e534e70 [0181.178] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.178] free (_Block=0x2e29e534e70) [0181.179] CloseHandle (hObject=0x274) returned 1 [0181.180] _ui64tow_s (in: _Value=0xe48, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3656") returned 0x0 [0181.185] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3656") returned 4 [0181.186] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.186] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.204] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe48) returned 0x274 [0181.204] GetLastError () returned 0x0 [0181.204] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.204] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3cb018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.204] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.204] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.205] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.205] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.208] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.208] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3cb020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.208] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.208] malloc (_Size=0x6c) returned 0x2e29e534e70 [0181.208] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.209] free (_Block=0x2e29e534e70) [0181.210] CloseHandle (hObject=0x274) returned 1 [0181.210] _ui64tow_s (in: _Value=0xe50, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3664") returned 0x0 [0181.214] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3664") returned 4 [0181.215] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.215] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.232] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe50) returned 0x274 [0181.232] GetLastError () returned 0x0 [0181.232] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.232] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.233] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.233] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.233] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.234] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.235] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.235] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.235] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.235] malloc (_Size=0x78) returned 0x2e29e534e70 [0181.235] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1968, lpBuffer=0x2e29e534e70, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.236] free (_Block=0x2e29e534e70) [0181.237] CloseHandle (hObject=0x274) returned 1 [0181.238] _ui64tow_s (in: _Value=0xe60, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3680") returned 0x0 [0181.242] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3680") returned 4 [0181.243] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.243] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.268] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe60) returned 0x274 [0181.268] GetLastError () returned 0x0 [0181.269] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.269] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.269] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.269] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x581c60, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.270] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5818f8, lpBuffer=0xe35bf7c370, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.271] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.272] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.272] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.272] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.272] malloc (_Size=0x44) returned 0x2e29e52ca20 [0181.272] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x581934, lpBuffer=0x2e29e52ca20, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.273] free (_Block=0x2e29e52ca20) [0181.274] CloseHandle (hObject=0x274) returned 1 [0181.274] _ui64tow_s (in: _Value=0xe70, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3696") returned 0x0 [0181.279] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3696") returned 4 [0181.280] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.280] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.296] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe70) returned 0x274 [0181.296] GetLastError () returned 0x0 [0181.297] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.297] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3ad018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.297] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.297] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451cb0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.297] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x54, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.298] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.299] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.299] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3ad020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.299] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.300] malloc (_Size=0x5c) returned 0x2e29e530330 [0181.300] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x45194c, lpBuffer=0x2e29e530330, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0181.301] free (_Block=0x2e29e530330) [0181.302] CloseHandle (hObject=0x274) returned 1 [0181.303] _ui64tow_s (in: _Value=0xe7c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3708") returned 0x0 [0181.307] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3708") returned 4 [0181.308] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.308] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.325] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe7c) returned 0x274 [0181.325] GetLastError () returned 0x0 [0181.325] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.325] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3cb018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.325] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.326] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6e1cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.326] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6e18f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.327] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.329] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.329] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3cb020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.329] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.329] malloc (_Size=0x64) returned 0x2e29e52fed0 [0181.329] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6e1954, lpBuffer=0x2e29e52fed0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0181.330] free (_Block=0x2e29e52fed0) [0181.332] CloseHandle (hObject=0x274) returned 1 [0181.333] _ui64tow_s (in: _Value=0xe88, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3720") returned 0x0 [0181.339] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3720") returned 4 [0181.341] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.341] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.364] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe88) returned 0x274 [0181.364] GetLastError () returned 0x0 [0181.364] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.364] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3a2018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.364] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.365] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.365] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f18f8, lpBuffer=0xe35bf7c370, nSize=0x7a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.366] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.367] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.367] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3a2020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.367] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.368] malloc (_Size=0x82) returned 0x2e29e534e70 [0181.368] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f1972, lpBuffer=0x2e29e534e70, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.369] free (_Block=0x2e29e534e70) [0181.369] CloseHandle (hObject=0x274) returned 1 [0181.433] _ui64tow_s (in: _Value=0xe94, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3732") returned 0x0 [0181.437] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3732") returned 4 [0181.438] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.438] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.455] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe94) returned 0x274 [0181.455] GetLastError () returned 0x0 [0181.455] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.455] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x30d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.455] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.456] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a1d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.456] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a18f8, lpBuffer=0xe35bf7c370, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.457] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.458] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.458] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x30d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.458] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.459] malloc (_Size=0x7e) returned 0x2e29e534e70 [0181.459] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4a196e, lpBuffer=0x2e29e534e70, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.460] free (_Block=0x2e29e534e70) [0181.460] CloseHandle (hObject=0x274) returned 1 [0181.461] _ui64tow_s (in: _Value=0xea0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3744") returned 0x0 [0181.466] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3744") returned 4 [0181.467] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.467] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.511] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xea0) returned 0x274 [0181.511] GetLastError () returned 0x0 [0181.511] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.511] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x284018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.511] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.511] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a1cb0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.512] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a18f8, lpBuffer=0xe35bf7c370, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.512] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.514] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.514] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x284020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.514] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.514] malloc (_Size=0x5e) returned 0x2e29e52fed0 [0181.514] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a194e, lpBuffer=0x2e29e52fed0, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0181.515] free (_Block=0x2e29e52fed0) [0181.516] CloseHandle (hObject=0x274) returned 1 [0181.516] _ui64tow_s (in: _Value=0xeb0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3760") returned 0x0 [0181.520] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3760") returned 4 [0181.521] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.522] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.570] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeb0) returned 0x274 [0181.570] GetLastError () returned 0x0 [0181.571] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.571] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x56e018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.571] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.571] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x741cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.571] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7418f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.572] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.574] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.574] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x56e020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.574] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7412e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.574] malloc (_Size=0x66) returned 0x2e29e530330 [0181.574] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x741956, lpBuffer=0x2e29e530330, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0181.575] free (_Block=0x2e29e530330) [0181.576] CloseHandle (hObject=0x274) returned 1 [0181.576] _ui64tow_s (in: _Value=0xebc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3772") returned 0x0 [0181.582] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3772") returned 4 [0181.584] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.584] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.601] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xebc) returned 0x274 [0181.601] GetLastError () returned 0x0 [0181.601] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.601] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x244018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.601] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.601] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e1cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.601] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e18f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.602] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.604] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.604] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x244020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.604] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.604] malloc (_Size=0x74) returned 0x2e29e534e70 [0181.604] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5e1964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.605] free (_Block=0x2e29e534e70) [0181.606] CloseHandle (hObject=0x274) returned 1 [0181.606] _ui64tow_s (in: _Value=0xec8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3784") returned 0x0 [0181.610] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3784") returned 4 [0181.611] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.611] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.678] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec8) returned 0x274 [0181.678] GetLastError () returned 0x0 [0181.678] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.678] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x255018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.679] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.679] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.679] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5018f8, lpBuffer=0xe35bf7c370, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.680] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.682] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.682] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x255020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.682] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.682] malloc (_Size=0x62) returned 0x2e29e530480 [0181.682] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501952, lpBuffer=0x2e29e530480, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0181.683] free (_Block=0x2e29e530480) [0181.684] CloseHandle (hObject=0x274) returned 1 [0181.684] _ui64tow_s (in: _Value=0xed8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3800") returned 0x0 [0181.689] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3800") returned 4 [0181.692] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.692] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.740] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xed8) returned 0x274 [0181.740] GetLastError () returned 0x0 [0181.740] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.740] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2d6018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.740] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.741] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c1ca0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.741] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c18f8, lpBuffer=0xe35bf7c370, nSize=0x50, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.742] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.743] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.743] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2d6020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.743] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.744] malloc (_Size=0x58) returned 0x2e29e558fe0 [0181.744] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c1948, lpBuffer=0x2e29e558fe0, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e558fe0*, lpNumberOfBytesRead=0x0) returned 1 [0181.745] free (_Block=0x2e29e558fe0) [0181.745] CloseHandle (hObject=0x274) returned 1 [0181.746] _ui64tow_s (in: _Value=0xee0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3808") returned 0x0 [0181.750] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3808") returned 4 [0181.752] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.752] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.770] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xee0) returned 0x274 [0181.770] GetLastError () returned 0x0 [0181.770] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.770] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x290018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.770] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.770] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d1cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.771] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d18f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.772] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.773] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.773] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x290020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.773] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.773] malloc (_Size=0x74) returned 0x2e29e534e70 [0181.773] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d1964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.774] free (_Block=0x2e29e534e70) [0181.775] CloseHandle (hObject=0x274) returned 1 [0181.775] _ui64tow_s (in: _Value=0xeec, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3820") returned 0x0 [0181.780] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3820") returned 4 [0181.781] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.781] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.856] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeec) returned 0x274 [0181.856] GetLastError () returned 0x0 [0181.856] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.856] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x39e018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.857] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.857] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.857] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501958, lpBuffer=0xe35bf7c370, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.858] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.859] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.859] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x39e020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.859] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501340, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.859] malloc (_Size=0x62) returned 0x2e29e52ff40 [0181.859] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5019b2, lpBuffer=0x2e29e52ff40, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52ff40*, lpNumberOfBytesRead=0x0) returned 1 [0181.860] free (_Block=0x2e29e52ff40) [0181.861] CloseHandle (hObject=0x274) returned 1 [0181.862] _ui64tow_s (in: _Value=0xef4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3828") returned 0x0 [0181.866] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3828") returned 4 [0181.867] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.868] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.908] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xef4) returned 0x274 [0181.908] GetLastError () returned 0x0 [0181.908] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.908] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x34d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.908] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.908] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.908] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.910] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.911] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.911] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x34d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.911] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.911] malloc (_Size=0x6c) returned 0x2e29e534e70 [0181.911] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5c195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.913] free (_Block=0x2e29e534e70) [0181.913] CloseHandle (hObject=0x274) returned 1 [0181.914] _ui64tow_s (in: _Value=0xf04, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3844") returned 0x0 [0181.918] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3844") returned 4 [0181.920] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0181.920] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0181.936] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf04) returned 0x274 [0181.936] GetLastError () returned 0x0 [0181.937] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0181.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x41f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0181.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0181.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7e1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0181.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7e18f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0181.938] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0181.940] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0181.940] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x41f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0181.940] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0181.940] malloc (_Size=0x76) returned 0x2e29e534e70 [0181.940] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7e1966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0181.941] free (_Block=0x2e29e534e70) [0181.971] CloseHandle (hObject=0x274) returned 1 [0181.971] _ui64tow_s (in: _Value=0xf14, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3860") returned 0x0 [0182.025] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3860") returned 4 [0182.026] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.026] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.042] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf14) returned 0x274 [0182.042] GetLastError () returned 0x0 [0182.043] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.043] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e9018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.043] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.043] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.043] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.044] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.045] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.046] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e9020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.046] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.046] malloc (_Size=0x6c) returned 0x2e29e534e70 [0182.046] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.047] free (_Block=0x2e29e534e70) [0182.048] CloseHandle (hObject=0x274) returned 1 [0182.048] _ui64tow_s (in: _Value=0xf1c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3868") returned 0x0 [0182.053] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3868") returned 4 [0182.054] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.054] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.110] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf1c) returned 0x274 [0182.110] GetLastError () returned 0x0 [0182.111] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.111] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5fc018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.111] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.111] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x271cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.111] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2718f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.112] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.113] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.113] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5fc020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.114] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.114] malloc (_Size=0x64) returned 0x2e29e52fed0 [0182.114] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x271954, lpBuffer=0x2e29e52fed0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e52fed0*, lpNumberOfBytesRead=0x0) returned 1 [0182.115] free (_Block=0x2e29e52fed0) [0182.116] CloseHandle (hObject=0x274) returned 1 [0182.117] _ui64tow_s (in: _Value=0xf24, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3876") returned 0x0 [0182.123] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3876") returned 4 [0182.124] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.124] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.143] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x274 [0182.143] GetLastError () returned 0x0 [0182.143] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.143] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22c018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.143] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.179] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.179] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.180] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.181] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.181] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22c020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.182] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.182] malloc (_Size=0x7a) returned 0x2e29e534e70 [0182.182] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f196a, lpBuffer=0x2e29e534e70, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.183] free (_Block=0x2e29e534e70) [0182.183] CloseHandle (hObject=0x274) returned 1 [0182.184] _ui64tow_s (in: _Value=0xf3c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3900") returned 0x0 [0182.189] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3900") returned 4 [0182.190] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.190] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.209] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf3c) returned 0x274 [0182.209] GetLastError () returned 0x0 [0182.210] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.210] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2dc018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.210] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.210] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d1cc0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.210] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d18f8, lpBuffer=0xe35bf7c370, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.211] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.212] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.213] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2dc020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.213] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.213] malloc (_Size=0x64) returned 0x2e29e530480 [0182.213] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5d1954, lpBuffer=0x2e29e530480, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0182.214] free (_Block=0x2e29e530480) [0182.215] CloseHandle (hObject=0x274) returned 1 [0182.215] _ui64tow_s (in: _Value=0xf44, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3908") returned 0x0 [0182.220] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3908") returned 4 [0182.221] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.221] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.240] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf44) returned 0x274 [0182.240] GetLastError () returned 0x0 [0182.240] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.240] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x24b018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.241] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.241] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.241] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a18f8, lpBuffer=0xe35bf7c370, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.242] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.243] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.243] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x24b020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.243] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.243] malloc (_Size=0x6a) returned 0x2e29e534e70 [0182.243] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5a195a, lpBuffer=0x2e29e534e70, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.244] free (_Block=0x2e29e534e70) [0182.245] CloseHandle (hObject=0x274) returned 1 [0182.246] _ui64tow_s (in: _Value=0xf50, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3920") returned 0x0 [0182.250] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3920") returned 4 [0182.251] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.251] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.276] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf50) returned 0x274 [0182.276] GetLastError () returned 0x0 [0182.277] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.277] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x297018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.277] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.278] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f1cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.278] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f18f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.281] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.284] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.284] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x297020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.285] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.285] malloc (_Size=0x66) returned 0x2e29e530330 [0182.285] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4f1956, lpBuffer=0x2e29e530330, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530330*, lpNumberOfBytesRead=0x0) returned 1 [0182.286] free (_Block=0x2e29e530330) [0182.288] CloseHandle (hObject=0x274) returned 1 [0182.289] _ui64tow_s (in: _Value=0xf58, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3928") returned 0x0 [0182.297] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3928") returned 4 [0182.299] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.299] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.322] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf58) returned 0x274 [0182.322] GetLastError () returned 0x0 [0182.322] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.322] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2d6018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.322] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.323] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4d1c80, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.323] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4d18f8, lpBuffer=0xe35bf7c370, nSize=0x48, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.324] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.325] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.325] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2d6020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.325] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.325] malloc (_Size=0x50) returned 0x2e29e559100 [0182.325] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4d1940, lpBuffer=0x2e29e559100, nSize=0x4e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e559100*, lpNumberOfBytesRead=0x0) returned 1 [0182.326] free (_Block=0x2e29e559100) [0182.327] CloseHandle (hObject=0x274) returned 1 [0182.327] _ui64tow_s (in: _Value=0xf6c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3948") returned 0x0 [0182.332] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3948") returned 4 [0182.333] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.333] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.349] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf6c) returned 0x274 [0182.349] GetLastError () returned 0x0 [0182.350] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.350] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.350] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.350] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x601d50, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.350] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6018f8, lpBuffer=0xe35bf7c370, nSize=0x8c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.351] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.352] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.352] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x20d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.352] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x6012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.353] malloc (_Size=0x94) returned 0x2e29e5571c0 [0182.353] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x601984, lpBuffer=0x2e29e5571c0, nSize=0x92, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5571c0*, lpNumberOfBytesRead=0x0) returned 1 [0182.353] free (_Block=0x2e29e5571c0) [0182.354] CloseHandle (hObject=0x274) returned 1 [0182.354] _ui64tow_s (in: _Value=0xf78, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3960") returned 0x0 [0182.359] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3960") returned 4 [0182.360] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.360] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.378] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf78) returned 0x274 [0182.378] GetLastError () returned 0x0 [0182.378] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.378] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.379] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.379] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x511cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.379] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5118f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.380] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.381] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.381] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.381] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5112e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.381] malloc (_Size=0x74) returned 0x2e29e534e70 [0182.382] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x511964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.382] free (_Block=0x2e29e534e70) [0182.383] CloseHandle (hObject=0x274) returned 1 [0182.384] _ui64tow_s (in: _Value=0xf84, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3972") returned 0x0 [0182.388] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3972") returned 4 [0182.389] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.389] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.406] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf84) returned 0x274 [0182.406] GetLastError () returned 0x0 [0182.407] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.407] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3db018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.407] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.407] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x461cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.407] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4618f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.408] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.410] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.410] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3db020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.410] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4612e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.410] malloc (_Size=0x74) returned 0x2e29e534e70 [0182.410] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x461964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.411] free (_Block=0x2e29e534e70) [0182.412] CloseHandle (hObject=0x274) returned 1 [0182.412] _ui64tow_s (in: _Value=0xf8c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3980") returned 0x0 [0182.416] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3980") returned 4 [0182.418] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.418] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.435] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf8c) returned 0x274 [0182.435] GetLastError () returned 0x0 [0182.436] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.436] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x274018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.436] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.436] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x491cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.436] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4918f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.437] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.438] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.438] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x274020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.438] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4912e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.439] malloc (_Size=0x74) returned 0x2e29e534e70 [0182.439] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x491964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.439] free (_Block=0x2e29e534e70) [0182.440] CloseHandle (hObject=0x274) returned 1 [0182.441] _ui64tow_s (in: _Value=0xf9c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="3996") returned 0x0 [0182.445] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="3996") returned 4 [0182.446] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.446] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.462] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf9c) returned 0x274 [0182.462] GetLastError () returned 0x0 [0182.462] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.462] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x34d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.462] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.463] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x421cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.463] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4218f8, lpBuffer=0xe35bf7c370, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.464] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.465] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.465] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x34d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.465] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4212e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.465] malloc (_Size=0x68) returned 0x2e29e530480 [0182.465] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x421958, lpBuffer=0x2e29e530480, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0182.466] free (_Block=0x2e29e530480) [0182.467] CloseHandle (hObject=0x274) returned 1 [0182.467] _ui64tow_s (in: _Value=0xfa4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4004") returned 0x0 [0182.471] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4004") returned 4 [0182.473] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.473] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.490] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfa4) returned 0x274 [0182.490] GetLastError () returned 0x0 [0182.490] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.490] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x270018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.490] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.490] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x471d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.491] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4718f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.491] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.493] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.493] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x270020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.493] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.493] malloc (_Size=0x86) returned 0x2e29e5331b0 [0182.493] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x471976, lpBuffer=0x2e29e5331b0, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0182.494] free (_Block=0x2e29e5331b0) [0182.495] CloseHandle (hObject=0x274) returned 1 [0182.495] _ui64tow_s (in: _Value=0xfb4, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4020") returned 0x0 [0182.499] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4020") returned 4 [0182.501] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.501] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.519] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfb4) returned 0x274 [0182.519] GetLastError () returned 0x0 [0182.519] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.519] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2d3018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.520] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.520] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.520] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.521] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.522] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.522] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2d3020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.522] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.522] malloc (_Size=0x6c) returned 0x2e29e534e70 [0182.523] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.523] free (_Block=0x2e29e534e70) [0182.524] CloseHandle (hObject=0x274) returned 1 [0182.524] _ui64tow_s (in: _Value=0xfbc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4028") returned 0x0 [0182.529] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4028") returned 4 [0182.530] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.530] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.546] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfbc) returned 0x274 [0182.546] GetLastError () returned 0x0 [0182.546] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.546] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3a7018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.546] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.546] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x521d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.547] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5218f8, lpBuffer=0xe35bf7c370, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.548] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.549] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.549] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3a7020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.549] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5212e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.550] malloc (_Size=0x86) returned 0x2e29e5331b0 [0182.550] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x521976, lpBuffer=0x2e29e5331b0, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0182.551] free (_Block=0x2e29e5331b0) [0182.551] CloseHandle (hObject=0x274) returned 1 [0182.552] _ui64tow_s (in: _Value=0xfd0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4048") returned 0x0 [0182.557] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4048") returned 4 [0182.558] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.558] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.579] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfd0) returned 0x274 [0182.579] GetLastError () returned 0x0 [0182.579] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.579] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x547018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.579] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.579] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e1c70, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.579] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e18f8, lpBuffer=0xe35bf7c370, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.580] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.582] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.582] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x547020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.582] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.582] malloc (_Size=0x4a) returned 0x2e29e558bc0 [0182.582] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e193a, lpBuffer=0x2e29e558bc0, nSize=0x48, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e558bc0*, lpNumberOfBytesRead=0x0) returned 1 [0182.583] free (_Block=0x2e29e558bc0) [0182.584] CloseHandle (hObject=0x274) returned 1 [0182.584] _ui64tow_s (in: _Value=0xfd8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4056") returned 0x0 [0182.589] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4056") returned 4 [0182.590] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.590] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.606] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfd8) returned 0x274 [0182.606] GetLastError () returned 0x0 [0182.606] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.606] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x226018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.606] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.607] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x471cd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.607] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4718f8, lpBuffer=0xe35bf7c370, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.608] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.609] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.609] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x226020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.609] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.609] malloc (_Size=0x66) returned 0x2e29e530480 [0182.609] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x471956, lpBuffer=0x2e29e530480, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e530480*, lpNumberOfBytesRead=0x0) returned 1 [0182.610] free (_Block=0x2e29e530480) [0182.611] CloseHandle (hObject=0x274) returned 1 [0182.611] _ui64tow_s (in: _Value=0xfe8, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4072") returned 0x0 [0182.615] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4072") returned 4 [0182.617] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.617] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.633] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfe8) returned 0x274 [0182.633] GetLastError () returned 0x0 [0182.634] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.634] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x515018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.634] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.634] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x231d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.634] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2318f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.635] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.636] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.636] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x515020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.637] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2312e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.637] malloc (_Size=0x76) returned 0x2e29e534e70 [0182.637] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x231966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.638] free (_Block=0x2e29e534e70) [0182.643] CloseHandle (hObject=0x274) returned 1 [0182.644] _ui64tow_s (in: _Value=0xff0, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4080") returned 0x0 [0182.648] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4080") returned 4 [0182.650] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.650] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.668] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xff0) returned 0x274 [0182.668] GetLastError () returned 0x0 [0182.668] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.668] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3d1018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.668] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.669] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.669] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.670] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.671] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.671] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3d1020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.671] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.671] malloc (_Size=0x7e) returned 0x2e29e534e70 [0182.671] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x45196e, lpBuffer=0x2e29e534e70, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.672] free (_Block=0x2e29e534e70) [0182.673] CloseHandle (hObject=0x274) returned 1 [0182.673] _ui64tow_s (in: _Value=0xffc, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4092") returned 0x0 [0182.678] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4092") returned 4 [0182.680] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.680] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.698] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xffc) returned 0x274 [0182.698] GetLastError () returned 0x0 [0182.698] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.698] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.698] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.699] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c1ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.699] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c18f8, lpBuffer=0xe35bf7c370, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.700] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.701] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.701] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x26f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.702] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.702] malloc (_Size=0x6c) returned 0x2e29e534e70 [0182.702] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1c195c, lpBuffer=0x2e29e534e70, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.703] free (_Block=0x2e29e534e70) [0182.703] CloseHandle (hObject=0x274) returned 1 [0182.729] _ui64tow_s (in: _Value=0x1004, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4100") returned 0x0 [0182.734] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4100") returned 4 [0182.735] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.735] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.752] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1004) returned 0x274 [0182.752] GetLastError () returned 0x0 [0182.753] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.771] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x25e018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.771] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.771] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501ce0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.772] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5018f8, lpBuffer=0xe35bf7c370, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.773] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.774] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.774] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x25e020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.774] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.774] malloc (_Size=0x6e) returned 0x2e29e534e70 [0182.774] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x50195e, lpBuffer=0x2e29e534e70, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.775] free (_Block=0x2e29e534e70) [0182.775] CloseHandle (hObject=0x274) returned 1 [0182.776] _ui64tow_s (in: _Value=0x1014, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4116") returned 0x0 [0182.780] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4116") returned 4 [0182.782] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.782] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.799] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1014) returned 0x274 [0182.799] GetLastError () returned 0x0 [0182.799] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.799] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x321018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.799] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.799] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x571d40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.800] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5718f8, lpBuffer=0xe35bf7c370, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.801] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.802] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.802] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x321020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.802] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5712e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.803] malloc (_Size=0x90) returned 0x2e29e557580 [0182.803] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x571980, lpBuffer=0x2e29e557580, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e557580*, lpNumberOfBytesRead=0x0) returned 1 [0182.803] free (_Block=0x2e29e557580) [0182.804] CloseHandle (hObject=0x274) returned 1 [0182.805] _ui64tow_s (in: _Value=0x101c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4124") returned 0x0 [0182.809] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4124") returned 4 [0182.810] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.810] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.863] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x101c) returned 0x274 [0182.864] GetLastError () returned 0x0 [0182.864] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.864] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x21f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.865] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.865] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x481d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.866] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4818f8, lpBuffer=0xe35bf7c370, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.868] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.871] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.871] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x21f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.871] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4812e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.872] malloc (_Size=0x80) returned 0x2e29e534e70 [0182.872] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x481970, lpBuffer=0x2e29e534e70, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0182.873] free (_Block=0x2e29e534e70) [0182.874] CloseHandle (hObject=0x274) returned 1 [0182.875] _ui64tow_s (in: _Value=0x1030, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4144") returned 0x0 [0182.918] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4144") returned 4 [0182.919] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.919] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0182.934] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1030) returned 0x274 [0182.934] GetLastError () returned 0x0 [0182.934] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0182.935] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x29d018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0182.935] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0182.935] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451d50, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0182.935] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4518f8, lpBuffer=0xe35bf7c370, nSize=0x8a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0182.936] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0182.937] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0182.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x29d020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0182.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x4512e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0182.937] malloc (_Size=0x92) returned 0x2e29e557940 [0182.937] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x451982, lpBuffer=0x2e29e557940, nSize=0x90, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e557940*, lpNumberOfBytesRead=0x0) returned 1 [0182.938] free (_Block=0x2e29e557940) [0182.939] CloseHandle (hObject=0x274) returned 1 [0182.939] _ui64tow_s (in: _Value=0x1038, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4152") returned 0x0 [0182.943] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4152") returned 4 [0182.944] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0182.944] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.027] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1038) returned 0x274 [0183.027] GetLastError () returned 0x0 [0183.027] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.027] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2f5018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.027] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.028] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e1d30, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.028] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e18f8, lpBuffer=0xe35bf7c370, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.028] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.030] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.030] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2f5020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.030] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.030] malloc (_Size=0x8a) returned 0x2e29e557e40 [0183.030] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1e197a, lpBuffer=0x2e29e557e40, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e557e40*, lpNumberOfBytesRead=0x0) returned 1 [0183.031] free (_Block=0x2e29e557e40) [0183.031] CloseHandle (hObject=0x274) returned 1 [0183.032] _ui64tow_s (in: _Value=0x1048, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4168") returned 0x0 [0183.039] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4168") returned 4 [0183.040] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.041] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.056] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1048) returned 0x274 [0183.056] GetLastError () returned 0x0 [0183.057] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.057] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22b018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.057] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.057] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1d00, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.057] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f18f8, lpBuffer=0xe35bf7c370, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.058] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.059] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.059] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x22b020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.059] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.060] malloc (_Size=0x76) returned 0x2e29e534e70 [0183.060] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5f1966, lpBuffer=0x2e29e534e70, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0183.060] free (_Block=0x2e29e534e70) [0183.061] CloseHandle (hObject=0x274) returned 1 [0183.061] _ui64tow_s (in: _Value=0x1054, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4180") returned 0x0 [0183.100] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4180") returned 4 [0183.102] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.102] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.119] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1054) returned 0x274 [0183.119] GetLastError () returned 0x0 [0183.119] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.119] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3f6018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.120] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.120] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501cf0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.120] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5018f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.121] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.122] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.122] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x3f6020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.122] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5012e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.122] malloc (_Size=0x74) returned 0x2e29e534e70 [0183.122] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x501964, lpBuffer=0x2e29e534e70, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0183.123] free (_Block=0x2e29e534e70) [0183.124] CloseHandle (hObject=0x274) returned 1 [0183.124] _ui64tow_s (in: _Value=0x105c, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4188") returned 0x0 [0183.128] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4188") returned 4 [0183.130] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.130] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.177] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x105c) returned 0x274 [0183.177] GetLastError () returned 0x0 [0183.177] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.177] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x517018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.177] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.177] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d1d20, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.177] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d18f8, lpBuffer=0xe35bf7c370, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.179] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.180] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.180] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x517020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.180] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d12e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.180] malloc (_Size=0x84) returned 0x2e29e534e70 [0183.180] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1d1974, lpBuffer=0x2e29e534e70, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0183.182] free (_Block=0x2e29e534e70) [0183.182] CloseHandle (hObject=0x274) returned 1 [0183.183] _ui64tow_s (in: _Value=0x1134, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4404") returned 0x0 [0183.188] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4404") returned 4 [0183.189] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.189] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.205] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1134) returned 0x274 [0183.205] GetLastError () returned 0x0 [0183.205] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.205] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x277018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.205] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.206] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x511e40, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.206] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5119f8, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.208] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.209] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.209] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x277020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.209] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x5113e0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.210] malloc (_Size=0xbc) returned 0x2e29e534e70 [0183.210] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x511a64, lpBuffer=0x2e29e534e70, nSize=0xba, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0183.210] free (_Block=0x2e29e534e70) [0183.211] CloseHandle (hObject=0x274) returned 1 [0183.212] _ui64tow_s (in: _Value=0x1184, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4484") returned 0x0 [0183.217] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4484") returned 4 [0183.218] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.218] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.282] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1184) returned 0x274 [0183.282] GetLastError () returned 0x0 [0183.282] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.282] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xe35ba50018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.283] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.283] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e29dc41bd0, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.283] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e29dc41818, lpBuffer=0xe35bf7c370, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.283] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.285] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.285] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xe35ba50020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.285] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e29dc41200, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.285] malloc (_Size=0x76) returned 0x2e29e5331b0 [0183.285] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2e29dc41864, lpBuffer=0x2e29e5331b0, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e5331b0*, lpNumberOfBytesRead=0x0) returned 1 [0183.286] free (_Block=0x2e29e5331b0) [0183.286] CloseHandle (hObject=0x274) returned 1 [0183.287] _ui64tow_s (in: _Value=0x12ec, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4844") returned 0x0 [0183.291] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4844") returned 4 [0183.292] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.292] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.308] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12ec) returned 0x274 [0183.308] GetLastError () returned 0x0 [0183.308] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.308] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xef057d7018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.308] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.308] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2779aa01c60, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.309] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2779aa018c8, lpBuffer=0xe35bf7c370, nSize=0x48, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.309] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.311] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.311] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xef057d7020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.311] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2779aa012b0, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.311] malloc (_Size=0x54) returned 0x2e29e558aa0 [0183.311] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2779aa01910, lpBuffer=0x2e29e558aa0, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e558aa0*, lpNumberOfBytesRead=0x0) returned 1 [0183.312] free (_Block=0x2e29e558aa0) [0183.313] CloseHandle (hObject=0x274) returned 1 [0183.313] _ui64tow_s (in: _Value=0x1094, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4244") returned 0x0 [0183.342] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4244") returned 4 [0183.343] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.343] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.358] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1094) returned 0x0 [0183.359] CloseHandle (hObject=0x0) returned 0 [0183.359] _ui64tow_s (in: _Value=0x234, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="564") returned 0x0 [0183.364] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="564") returned 3 [0183.365] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.365] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.404] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x234) returned 0x274 [0183.405] GetLastError () returned 0x0 [0183.405] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.405] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2da018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.405] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.405] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f1d10, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.405] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f1918, lpBuffer=0xe35bf7c370, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.406] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.407] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.407] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x2da020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.407] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f1300, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.408] malloc (_Size=0x72) returned 0x2e29e534e70 [0183.408] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x1f1984, lpBuffer=0x2e29e534e70, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0183.408] free (_Block=0x2e29e534e70) [0183.409] CloseHandle (hObject=0x274) returned 1 [0183.409] _ui64tow_s (in: _Value=0x1284, _Buffer=0xe35bf7d540, _BufferCount=0x104, _Radix=10 | out: _Buffer="4740") returned 0x0 [0183.414] _vsnwprintf (in: _Buffer=0xe35bf7d260, _BufferCount=0x103, _Format="%lu", _ArgList=0xe35bf7c5e8 | out: _Buffer="4740") returned 4 [0183.415] GetVersionExW (in: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0xe35bf7c6a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0183.415] _vsnwprintf (in: _Buffer=0xe35bf7d050, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0xe35bf7c5e8 | out: _Buffer="10.0.10586") returned 10 [0183.431] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1284) returned 0x274 [0183.431] GetLastError () returned 0x0 [0183.432] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c640, ReturnLength=0x0) returned 0x0 [0183.432] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xefb981f018, lpBuffer=0xe35bf7c610, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c610*, lpNumberOfBytesRead=0x0) returned 1 [0183.432] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x7ffa7bfc5220, lpBuffer=0xe35bf7c600, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c600*, lpNumberOfBytesRead=0x0) returned 1 [0183.432] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x27dfbe03670, lpBuffer=0xe35bf7ca20, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7ca20*, lpNumberOfBytesRead=0x0) returned 1 [0183.432] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x27dfbe032b4, lpBuffer=0xe35bf7c370, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c370*, lpNumberOfBytesRead=0x0) returned 1 [0183.433] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x1, ProcessInformation=0xe35bf7c670, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c670, ReturnLength=0x0) returned 0x0 [0183.434] NtQueryInformationProcess (in: ProcessHandle=0x274, ProcessInformationClass=0x0, ProcessInformation=0xe35bf7c148, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xe35bf7c148, ReturnLength=0x0) returned 0x0 [0183.434] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0xefb981f020, lpBuffer=0xe35bf7c130, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c130*, lpNumberOfBytesRead=0x0) returned 1 [0183.434] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x27dfbe02c20, lpBuffer=0xe35bf7c180, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xe35bf7c180*, lpNumberOfBytesRead=0x0) returned 1 [0183.434] malloc (_Size=0xda) returned 0x2e29e534e70 [0183.435] ReadProcessMemory (in: hProcess=0x274, lpBaseAddress=0x27dfbe0330a, lpBuffer=0x2e29e534e70, nSize=0xd8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x2e29e534e70*, lpNumberOfBytesRead=0x0) returned 1 [0183.435] free (_Block=0x2e29e534e70) [0183.436] CloseHandle (hObject=0x274) returned 1 [0183.437] free (_Block=0x2e29e537160) [0183.437] malloc (_Size=0x48) returned 0x2e29e52c5c0 [0183.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe35bf7d4c0 | out: lpSystemTimeAsFileTime=0xe35bf7d4c0*(dwLowDateTime=0x56bdd8fe, dwHighDateTime=0x1d9d730)) [0183.438] SetEvent (hEvent=0x258) returned 1 [0183.611] RtlAllocateHeap (HeapHandle=0x2e29dc40000, Flags=0x0, Size=0x4) returned 0x2e29dd092c0 [0183.611] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x2e29dd092c0, pulNumLanguages=0xe35bf7dfb0 | out: pulNumLanguages=0xe35bf7dfb0) returned 1 [0183.612] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dd092c0) returned 1 [0183.612] RtlFreeHeap (HeapHandle=0x2e29dc40000, Flags=0x0, BaseAddress=0x2e29dd093a0) returned 1 Thread: id = 100 os_tid = 0x11d8 Thread: id = 101 os_tid = 0x11d4 [0273.969] DllCanUnloadNow () returned 0x1 Thread: id = 102 os_tid = 0x11c4 Thread: id = 103 os_tid = 0x11c0 Thread: id = 104 os_tid = 0x11bc Thread: id = 105 os_tid = 0x11b8 Thread: id = 106 os_tid = 0x1188 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x53a66000" os_pid = "0xae4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x270" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac07" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3535 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3536 start_va = 0x2db7cd0000 end_va = 0x2db7d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db7cd0000" filename = "" Region: id = 3537 start_va = 0x2db7e00000 end_va = 0x2db7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db7e00000" filename = "" Region: id = 3538 start_va = 0x2db8000000 end_va = 0x2db807ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db8000000" filename = "" Region: id = 3539 start_va = 0x2db8080000 end_va = 0x2db80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db8080000" filename = "" Region: id = 3540 start_va = 0x2db8180000 end_va = 0x2db81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db8180000" filename = "" Region: id = 3541 start_va = 0x2db8200000 end_va = 0x2db827ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db8200000" filename = "" Region: id = 3542 start_va = 0x2db8300000 end_va = 0x2db837ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db8300000" filename = "" Region: id = 3543 start_va = 0x2db8380000 end_va = 0x2db83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002db8380000" filename = "" Region: id = 3544 start_va = 0x17ffec80000 end_va = 0x17ffec8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffec80000" filename = "" Region: id = 3545 start_va = 0x17ffec90000 end_va = 0x17ffec96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffec90000" filename = "" Region: id = 3546 start_va = 0x17ffeca0000 end_va = 0x17ffecb4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffeca0000" filename = "" Region: id = 3547 start_va = 0x17ffecc0000 end_va = 0x17ffecc3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffecc0000" filename = "" Region: id = 3548 start_va = 0x17ffecd0000 end_va = 0x17ffecd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffecd0000" filename = "" Region: id = 3549 start_va = 0x17ffece0000 end_va = 0x17ffece1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffece0000" filename = "" Region: id = 3550 start_va = 0x17ffecf0000 end_va = 0x17ffedadfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3551 start_va = 0x17ffedb0000 end_va = 0x17ffedb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffedb0000" filename = "" Region: id = 3552 start_va = 0x17ffedc0000 end_va = 0x17ffedc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffedc0000" filename = "" Region: id = 3553 start_va = 0x17ffedd0000 end_va = 0x17ffedd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffedd0000" filename = "" Region: id = 3554 start_va = 0x17ffede0000 end_va = 0x17ffedeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffede0000" filename = "" Region: id = 3555 start_va = 0x17ffedf0000 end_va = 0x17ffedf4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 3556 start_va = 0x17ffee00000 end_va = 0x17ffee00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffee00000" filename = "" Region: id = 3557 start_va = 0x17ffee10000 end_va = 0x17ffee10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffee10000" filename = "" Region: id = 3558 start_va = 0x17ffee20000 end_va = 0x17ffee20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017ffee20000" filename = "" Region: id = 3559 start_va = 0x17ffee60000 end_va = 0x17ffef5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017ffee60000" filename = "" Region: id = 3560 start_va = 0x17ffef60000 end_va = 0x17fff296fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3561 start_va = 0x17fff2a0000 end_va = 0x17fff427fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017fff2a0000" filename = "" Region: id = 3562 start_va = 0x17fff430000 end_va = 0x17fff5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017fff430000" filename = "" Region: id = 3563 start_va = 0x17fff5c0000 end_va = 0x17fff67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017fff5c0000" filename = "" Region: id = 3564 start_va = 0x17fff680000 end_va = 0x17fff77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017fff680000" filename = "" Region: id = 3565 start_va = 0x7df5ff590000 end_va = 0x7ff5ff58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff590000" filename = "" Region: id = 3566 start_va = 0x7ff7ce340000 end_va = 0x7ff7ce43ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7ce340000" filename = "" Region: id = 3567 start_va = 0x7ff7ce440000 end_va = 0x7ff7ce462fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7ce440000" filename = "" Region: id = 3568 start_va = 0x7ff7ceb30000 end_va = 0x7ff7cebaffff monitored = 0 entry_point = 0x7ff7ceb45f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 3569 start_va = 0x7ffa5f310000 end_va = 0x7ffa5f35cfff monitored = 0 entry_point = 0x7ffa5f31b470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 3570 start_va = 0x7ffa633d0000 end_va = 0x7ffa633f4fff monitored = 1 entry_point = 0x7ffa633e5dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 3571 start_va = 0x7ffa6b3c0000 end_va = 0x7ffa6b3d5fff monitored = 0 entry_point = 0x7ffa6b3c55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 3572 start_va = 0x7ffa6b700000 end_va = 0x7ffa6b724fff monitored = 0 entry_point = 0x7ffa6b709900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 3573 start_va = 0x7ffa6b730000 end_va = 0x7ffa6b743fff monitored = 0 entry_point = 0x7ffa6b731800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 3574 start_va = 0x7ffa6b750000 end_va = 0x7ffa6b845fff monitored = 0 entry_point = 0x7ffa6b789590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 3575 start_va = 0x7ffa6d6d0000 end_va = 0x7ffa6d6e0fff monitored = 0 entry_point = 0x7ffa6d6d2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 3576 start_va = 0x7ffa6f330000 end_va = 0x7ffa6f3aefff monitored = 1 entry_point = 0x7ffa6f347110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 3577 start_va = 0x7ffa70330000 end_va = 0x7ffa7036cfff monitored = 1 entry_point = 0x7ffa7033b760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 3578 start_va = 0x7ffa74510000 end_va = 0x7ffa74573fff monitored = 0 entry_point = 0x7ffa74525ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3579 start_va = 0x7ffa74af0000 end_va = 0x7ffa74b00fff monitored = 0 entry_point = 0x7ffa74af3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 3580 start_va = 0x7ffa77990000 end_va = 0x7ffa779c0fff monitored = 0 entry_point = 0x7ffa77997d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3581 start_va = 0x7ffa78330000 end_va = 0x7ffa78358fff monitored = 0 entry_point = 0x7ffa78344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3582 start_va = 0x7ffa784d0000 end_va = 0x7ffa784defff monitored = 0 entry_point = 0x7ffa784d3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3583 start_va = 0x7ffa78650000 end_va = 0x7ffa786b9fff monitored = 0 entry_point = 0x7ffa78686d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3584 start_va = 0x7ffa789b0000 end_va = 0x7ffa78b97fff monitored = 0 entry_point = 0x7ffa789dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3585 start_va = 0x7ffa79390000 end_va = 0x7ffa7942cfff monitored = 0 entry_point = 0x7ffa793978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3586 start_va = 0x7ffa7a9a0000 end_va = 0x7ffa7aa4cfff monitored = 0 entry_point = 0x7ffa7a9b81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3587 start_va = 0x7ffa7aa50000 end_va = 0x7ffa7ab6bfff monitored = 0 entry_point = 0x7ffa7aa902b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3588 start_va = 0x7ffa7abc0000 end_va = 0x7ffa7ad15fff monitored = 0 entry_point = 0x7ffa7abca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3589 start_va = 0x7ffa7ad20000 end_va = 0x7ffa7ad7afff monitored = 0 entry_point = 0x7ffa7ad338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3590 start_va = 0x7ffa7b540000 end_va = 0x7ffa7b5aafff monitored = 0 entry_point = 0x7ffa7b5590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3591 start_va = 0x7ffa7b7c0000 end_va = 0x7ffa7b866fff monitored = 0 entry_point = 0x7ffa7b7cb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3592 start_va = 0x7ffa7b8d0000 end_va = 0x7ffa7bb4cfff monitored = 0 entry_point = 0x7ffa7b9a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3593 start_va = 0x7ffa7bb50000 end_va = 0x7ffa7bcd5fff monitored = 0 entry_point = 0x7ffa7bb9ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3594 start_va = 0x7ffa7bd00000 end_va = 0x7ffa7bdc0fff monitored = 0 entry_point = 0x7ffa7bd20da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3595 start_va = 0x7ffa7bdd0000 end_va = 0x7ffa7be76fff monitored = 0 entry_point = 0x7ffa7bde58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3596 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 107 os_tid = 0x8bc Thread: id = 108 os_tid = 0xbcc Thread: id = 109 os_tid = 0x2a8 [0248.923] DllCanUnloadNow () returned 0x1 [0248.924] DllCanUnloadNow () returned 0x1 Thread: id = 110 os_tid = 0xb18 Thread: id = 111 os_tid = 0x7f8 Thread: id = 112 os_tid = 0x20c Thread: id = 113 os_tid = 0xadc Process: id = "6" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x46d07000" os_pid = "0x658" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x358" cmd_line = "taskeng.exe {D70E87E4-4C99-459D-9E80-7C0D260F6677} S-1-5-18:NT AUTHORITY\\System:Service:" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac07" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3620 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3621 start_va = 0x9347080000 end_va = 0x93470fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347080000" filename = "" Region: id = 3622 start_va = 0x9347200000 end_va = 0x93473fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347200000" filename = "" Region: id = 3623 start_va = 0x1cc9a480000 end_va = 0x1cc9a49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a480000" filename = "" Region: id = 3624 start_va = 0x1cc9a4a0000 end_va = 0x1cc9a4b4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a4a0000" filename = "" Region: id = 3625 start_va = 0x1cc9a4c0000 end_va = 0x1cc9a4c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a4c0000" filename = "" Region: id = 3626 start_va = 0x1cc9a4d0000 end_va = 0x1cc9a4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a4d0000" filename = "" Region: id = 3627 start_va = 0x1cc9a4e0000 end_va = 0x1cc9a4e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a4e0000" filename = "" Region: id = 3628 start_va = 0x7df5ffcb0000 end_va = 0x7ff5ffcaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffcb0000" filename = "" Region: id = 3629 start_va = 0x7ff6c1590000 end_va = 0x7ff6c15b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c1590000" filename = "" Region: id = 3630 start_va = 0x7ff6c2440000 end_va = 0x7ff6c248cfff monitored = 0 entry_point = 0x7ff6c245e6a0 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 3631 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3632 start_va = 0x1cc9a4f0000 end_va = 0x1cc9a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a4f0000" filename = "" Region: id = 3633 start_va = 0x7ffa7a9a0000 end_va = 0x7ffa7aa4cfff monitored = 0 entry_point = 0x7ffa7a9b81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3634 start_va = 0x7ffa789b0000 end_va = 0x7ffa78b97fff monitored = 0 entry_point = 0x7ffa789dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3635 start_va = 0x1cc9a480000 end_va = 0x1cc9a48ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a480000" filename = "" Region: id = 3636 start_va = 0x7ff6c1490000 end_va = 0x7ff6c158ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c1490000" filename = "" Region: id = 3637 start_va = 0x1cc9a4f0000 end_va = 0x1cc9a5adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3638 start_va = 0x1cc9a630000 end_va = 0x1cc9a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a630000" filename = "" Region: id = 3639 start_va = 0x7ffa79390000 end_va = 0x7ffa7942cfff monitored = 0 entry_point = 0x7ffa793978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3640 start_va = 0x9347100000 end_va = 0x934717ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347100000" filename = "" Region: id = 3641 start_va = 0x7ffa7bd00000 end_va = 0x7ffa7bdc0fff monitored = 0 entry_point = 0x7ffa7bd20da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3642 start_va = 0x7ffa7b8d0000 end_va = 0x7ffa7bb4cfff monitored = 0 entry_point = 0x7ffa7b9a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3643 start_va = 0x7ffa7aa50000 end_va = 0x7ffa7ab6bfff monitored = 0 entry_point = 0x7ffa7aa902b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3644 start_va = 0x7ffa78650000 end_va = 0x7ffa786b9fff monitored = 0 entry_point = 0x7ffa78686d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3645 start_va = 0x7ffa7bdd0000 end_va = 0x7ffa7be76fff monitored = 0 entry_point = 0x7ffa7bde58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3646 start_va = 0x7ffa7ad20000 end_va = 0x7ffa7ad7afff monitored = 0 entry_point = 0x7ffa7ad338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3647 start_va = 0x1cc9a490000 end_va = 0x1cc9a496fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a490000" filename = "" Region: id = 3648 start_va = 0x7ffa78330000 end_va = 0x7ffa78358fff monitored = 0 entry_point = 0x7ffa78344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3649 start_va = 0x1cc9a730000 end_va = 0x1cc9a80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a730000" filename = "" Region: id = 3650 start_va = 0x1cc9a5b0000 end_va = 0x1cc9a5b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a5b0000" filename = "" Region: id = 3651 start_va = 0x1cc9a810000 end_va = 0x1cc9a952fff monitored = 0 entry_point = 0x1cc9a838210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3652 start_va = 0x1cc9a810000 end_va = 0x1cc9a93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a810000" filename = "" Region: id = 3653 start_va = 0x1cc9a810000 end_va = 0x1cc9a8ecfff monitored = 0 entry_point = 0x1cc9a86e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3654 start_va = 0x1cc9a930000 end_va = 0x1cc9a93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a930000" filename = "" Region: id = 3655 start_va = 0x7ffa784d0000 end_va = 0x7ffa784defff monitored = 0 entry_point = 0x7ffa784d3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3656 start_va = 0x7ffa7abc0000 end_va = 0x7ffa7ad15fff monitored = 0 entry_point = 0x7ffa7abca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3657 start_va = 0x7ffa7bb50000 end_va = 0x7ffa7bcd5fff monitored = 0 entry_point = 0x7ffa7bb9ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3658 start_va = 0x1cc9a730000 end_va = 0x1cc9a7effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a730000" filename = "" Region: id = 3659 start_va = 0x1cc9a800000 end_va = 0x1cc9a80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a800000" filename = "" Region: id = 3660 start_va = 0x1cc9a940000 end_va = 0x1cc9aac7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a940000" filename = "" Region: id = 3661 start_va = 0x1cc9aad0000 end_va = 0x1cc9ac50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9aad0000" filename = "" Region: id = 3662 start_va = 0x1cc9a5c0000 end_va = 0x1cc9a5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskeng.exe.mui" filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui") Region: id = 3663 start_va = 0x1cc9a5d0000 end_va = 0x1cc9a5d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a5d0000" filename = "" Region: id = 3664 start_va = 0x1cc9a5e0000 end_va = 0x1cc9a5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a5e0000" filename = "" Region: id = 3665 start_va = 0x9347180000 end_va = 0x93471fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347180000" filename = "" Region: id = 3666 start_va = 0x7ffa78120000 end_va = 0x7ffa7814cfff monitored = 0 entry_point = 0x7ffa78139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3667 start_va = 0x1cc9a810000 end_va = 0x1cc9a90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a810000" filename = "" Region: id = 3668 start_va = 0x1cc9ac60000 end_va = 0x1cc9ad3cfff monitored = 0 entry_point = 0x1cc9acbe0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3669 start_va = 0x9347400000 end_va = 0x934747ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347400000" filename = "" Region: id = 3670 start_va = 0x9347480000 end_va = 0x93474fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347480000" filename = "" Region: id = 3671 start_va = 0x9347500000 end_va = 0x934757ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347500000" filename = "" Region: id = 3672 start_va = 0x1cc9a5f0000 end_va = 0x1cc9a5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001cc9a5f0000" filename = "" Region: id = 3673 start_va = 0x7ffa7b7c0000 end_va = 0x7ffa7b866fff monitored = 0 entry_point = 0x7ffa7b7cb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3674 start_va = 0x7ffa76bb0000 end_va = 0x7ffa76bb8fff monitored = 0 entry_point = 0x7ffa76bb1420 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 3676 start_va = 0x1cc9ac60000 end_va = 0x1cc9af96fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3677 start_va = 0x1cc9a600000 end_va = 0x1cc9a606fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001cc9a600000" filename = "" Region: id = 3678 start_va = 0x7ffa74cc0000 end_va = 0x7ffa74cf5fff monitored = 0 entry_point = 0x7ffa74cd0070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 3687 start_va = 0x9347580000 end_va = 0x93475fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000009347580000" filename = "" Region: id = 3688 start_va = 0x7ffa76220000 end_va = 0x7ffa76298fff monitored = 0 entry_point = 0x7ffa7623fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 3689 start_va = 0x7ff6c1410000 end_va = 0x7ff6c148dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Thread: id = 115 os_tid = 0x350 Thread: id = 116 os_tid = 0xb54 Thread: id = 117 os_tid = 0x58c Thread: id = 118 os_tid = 0xbf0 Thread: id = 119 os_tid = 0x810 Thread: id = 120 os_tid = 0x960 Thread: id = 121 os_tid = 0x7f4 Process: id = "7" image_name = "olicenseheartbeat.exe" filename = "c:\\program files\\common files\\microsoft shared\\office16\\olicenseheartbeat.exe" page_root = "0x97bf000" os_pid = "0x5e8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x658" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\Office16\\OLicenseHeartbeat.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac07" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3679 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3680 start_va = 0xb7b800000 end_va = 0xb7b9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7b800000" filename = "" Region: id = 3681 start_va = 0xb7ba00000 end_va = 0xb7bafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7ba00000" filename = "" Region: id = 3682 start_va = 0x19ebb520000 end_va = 0x19ebb53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb520000" filename = "" Region: id = 3683 start_va = 0x19ebb540000 end_va = 0x19ebb554fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb540000" filename = "" Region: id = 3684 start_va = 0x7ff6de9e0000 end_va = 0x7ff6dea02fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6de9e0000" filename = "" Region: id = 3685 start_va = 0x7ff6ded80000 end_va = 0x7ff6dedcefff monitored = 0 entry_point = 0x7ff6ded8403c region_type = mapped_file name = "olicenseheartbeat.exe" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\OLicenseHeartbeat.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\olicenseheartbeat.exe") Region: id = 3686 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3690 start_va = 0x19ebb560000 end_va = 0x19ebb563fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb560000" filename = "" Region: id = 3691 start_va = 0x19ebb570000 end_va = 0x19ebb571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb570000" filename = "" Region: id = 3692 start_va = 0x19ebb580000 end_va = 0x19ebb77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb580000" filename = "" Region: id = 3693 start_va = 0x7ffa7a9a0000 end_va = 0x7ffa7aa4cfff monitored = 0 entry_point = 0x7ffa7a9b81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3694 start_va = 0x7ffa789b0000 end_va = 0x7ffa78b97fff monitored = 0 entry_point = 0x7ffa789dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3695 start_va = 0x19ebb520000 end_va = 0x19ebb52ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb520000" filename = "" Region: id = 3696 start_va = 0x7ff6de8e0000 end_va = 0x7ff6de9dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6de8e0000" filename = "" Region: id = 3697 start_va = 0x19ebb580000 end_va = 0x19ebb63dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3698 start_va = 0x19ebb680000 end_va = 0x19ebb77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb680000" filename = "" Region: id = 3699 start_va = 0x7ffa76220000 end_va = 0x7ffa76298fff monitored = 0 entry_point = 0x7ffa7623fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 3700 start_va = 0x7ff6de860000 end_va = 0x7ff6de8ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 3701 start_va = 0xb7bb00000 end_va = 0xb7bbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7bb00000" filename = "" Region: id = 3702 start_va = 0x19ebb530000 end_va = 0x19ebb536fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb530000" filename = "" Region: id = 3703 start_va = 0x7ffa7bdd0000 end_va = 0x7ffa7be76fff monitored = 0 entry_point = 0x7ffa7bde58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3704 start_va = 0x7ffa79390000 end_va = 0x7ffa7942cfff monitored = 0 entry_point = 0x7ffa793978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3705 start_va = 0x7ffa7ad20000 end_va = 0x7ffa7ad7afff monitored = 0 entry_point = 0x7ffa7ad338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3706 start_va = 0x7ffa7aa50000 end_va = 0x7ffa7ab6bfff monitored = 0 entry_point = 0x7ffa7aa902b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3707 start_va = 0x7ffa7b290000 end_va = 0x7ffa7b3d2fff monitored = 0 entry_point = 0x7ffa7b2b8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3708 start_va = 0x7ffa7b8d0000 end_va = 0x7ffa7bb4cfff monitored = 0 entry_point = 0x7ffa7b9a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3709 start_va = 0x7ffa78650000 end_va = 0x7ffa786b9fff monitored = 0 entry_point = 0x7ffa78686d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3710 start_va = 0x7ffa7bb50000 end_va = 0x7ffa7bcd5fff monitored = 0 entry_point = 0x7ffa7bb9ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3711 start_va = 0x7ffa6c1e0000 end_va = 0x7ffa6c1f8fff monitored = 0 entry_point = 0x7ffa6c1eee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 3712 start_va = 0x7ffa6c140000 end_va = 0x7ffa6c1d0fff monitored = 0 entry_point = 0x7ffa6c192430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 3713 start_va = 0x7ffa77640000 end_va = 0x7ffa77733fff monitored = 0 entry_point = 0x7ffa7764a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3714 start_va = 0x7ffa6c130000 end_va = 0x7ffa6c13bfff monitored = 0 entry_point = 0x7ffa6c134150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 3715 start_va = 0x7ffa7abc0000 end_va = 0x7ffa7ad15fff monitored = 0 entry_point = 0x7ffa7abca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3716 start_va = 0x7ffa61c10000 end_va = 0x7ffa62087fff monitored = 0 entry_point = 0x7ffa61c89154 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 3717 start_va = 0x7ffa5f000000 end_va = 0x7ffa5f303fff monitored = 0 entry_point = 0x7ffa5f0a6094 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 3718 start_va = 0x19ebb640000 end_va = 0x19ebb641fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb640000" filename = "" Region: id = 3719 start_va = 0x19ebb650000 end_va = 0x19ebb651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb650000" filename = "" Region: id = 3720 start_va = 0x7ffa63fb0000 end_va = 0x7ffa64111fff monitored = 0 entry_point = 0x7ffa64001b30 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 3721 start_va = 0x7ffa7bd00000 end_va = 0x7ffa7bdc0fff monitored = 0 entry_point = 0x7ffa7bd20da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3722 start_va = 0x19ebb780000 end_va = 0x19ebb8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb780000" filename = "" Region: id = 3723 start_va = 0x19ebb660000 end_va = 0x19ebb666fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb660000" filename = "" Region: id = 3724 start_va = 0x19ebb780000 end_va = 0x19ebb83ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb780000" filename = "" Region: id = 3725 start_va = 0x19ebb8a0000 end_va = 0x19ebb8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb8a0000" filename = "" Region: id = 3726 start_va = 0x19ebb8b0000 end_va = 0x19ebba37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb8b0000" filename = "" Region: id = 3727 start_va = 0x19ebba40000 end_va = 0x19ebbbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebba40000" filename = "" Region: id = 3728 start_va = 0x19ebb670000 end_va = 0x19ebb670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb670000" filename = "" Region: id = 3729 start_va = 0x19ebb840000 end_va = 0x19ebb840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb840000" filename = "" Region: id = 3730 start_va = 0x19ebb850000 end_va = 0x19ebb850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb850000" filename = "" Region: id = 3731 start_va = 0x19ebb860000 end_va = 0x19ebb860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb860000" filename = "" Region: id = 3732 start_va = 0x19ebb870000 end_va = 0x19ebb87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebb870000" filename = "" Region: id = 3733 start_va = 0x19ebbbd0000 end_va = 0x19ebbccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebbbd0000" filename = "" Region: id = 3734 start_va = 0x19ebbcd0000 end_va = 0x19ebbdacfff monitored = 0 entry_point = 0x19ebbd2e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3735 start_va = 0x7ffa784d0000 end_va = 0x7ffa784defff monitored = 0 entry_point = 0x7ffa784d3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3736 start_va = 0x7ffa6bdf0000 end_va = 0x7ffa6c129fff monitored = 0 entry_point = 0x7ffa6bdf8520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 3737 start_va = 0x19ebb880000 end_va = 0x19ebb881fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebb880000" filename = "" Region: id = 3738 start_va = 0x7ffa79430000 end_va = 0x7ffa7a98efff monitored = 0 entry_point = 0x7ffa795911f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3739 start_va = 0x7ffa786c0000 end_va = 0x7ffa78702fff monitored = 0 entry_point = 0x7ffa786d4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3740 start_va = 0x7ffa78ba0000 end_va = 0x7ffa791e3fff monitored = 0 entry_point = 0x7ffa78d664b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3741 start_va = 0x7ffa7b220000 end_va = 0x7ffa7b271fff monitored = 0 entry_point = 0x7ffa7b22f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3742 start_va = 0x7ffa78530000 end_va = 0x7ffa785e4fff monitored = 0 entry_point = 0x7ffa785722e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3743 start_va = 0x7ffa784e0000 end_va = 0x7ffa7852afff monitored = 0 entry_point = 0x7ffa784e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3744 start_va = 0x7ffa784a0000 end_va = 0x7ffa784b3fff monitored = 0 entry_point = 0x7ffa784a52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3745 start_va = 0x7ffa78330000 end_va = 0x7ffa78358fff monitored = 0 entry_point = 0x7ffa78344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3746 start_va = 0x7ffa6d880000 end_va = 0x7ffa6daf3fff monitored = 0 entry_point = 0x7ffa6d8f0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 3747 start_va = 0x19ebb890000 end_va = 0x19ebb890fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3748 start_va = 0x19ebbcd0000 end_va = 0x19ebbcd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebbcd0000" filename = "" Region: id = 3749 start_va = 0x19ebb890000 end_va = 0x19ebb892fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 3750 start_va = 0x7ffa711b0000 end_va = 0x7ffa711c0fff monitored = 0 entry_point = 0x7ffa711b3e10 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 3751 start_va = 0x7ffa5e5e0000 end_va = 0x7ffa5ecddfff monitored = 0 entry_point = 0x7ffa5e632fcc region_type = mapped_file name = "csi.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Csi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\csi.dll") Region: id = 3752 start_va = 0x7ffa769f0000 end_va = 0x7ffa76b75fff monitored = 0 entry_point = 0x7ffa76a3d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 3753 start_va = 0xb7bc00000 end_va = 0xb7bcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7bc00000" filename = "" Region: id = 3754 start_va = 0x19ebbce0000 end_va = 0x19ebbce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebbce0000" filename = "" Region: id = 3755 start_va = 0x19ebbcf0000 end_va = 0x19ebc026fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3756 start_va = 0x19ebc030000 end_va = 0x19ebc366fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3757 start_va = 0x19ebc370000 end_va = 0x19ebc528fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 3758 start_va = 0xb7bd00000 end_va = 0xb7bdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7bd00000" filename = "" Region: id = 3759 start_va = 0x19ebc530000 end_va = 0x19ebc530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebc530000" filename = "" Region: id = 3760 start_va = 0x7ffa6f9c0000 end_va = 0x7ffa6f9fafff monitored = 0 entry_point = 0x7ffa6f9c1640 region_type = mapped_file name = "peerdist.dll" filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll") Region: id = 3761 start_va = 0x7ffa7b7c0000 end_va = 0x7ffa7b866fff monitored = 0 entry_point = 0x7ffa7b7cb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3762 start_va = 0x19ebc540000 end_va = 0x19ebc540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebc540000" filename = "" Region: id = 3763 start_va = 0x7ffa6e410000 end_va = 0x7ffa6e44ffff monitored = 0 entry_point = 0x7ffa6e426c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3764 start_va = 0x19ebc550000 end_va = 0x19ebc62cfff monitored = 0 entry_point = 0x19ebc5ae0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3765 start_va = 0xb7be00000 end_va = 0xb7befffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7be00000" filename = "" Region: id = 3766 start_va = 0x7ffa76c00000 end_va = 0x7ffa76c24fff monitored = 0 entry_point = 0x7ffa76c02300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 3767 start_va = 0xb7bf00000 end_va = 0xb7bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7bf00000" filename = "" Region: id = 3768 start_va = 0xb7c000000 end_va = 0xb7c0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7c000000" filename = "" Region: id = 3769 start_va = 0x7ffa70ae0000 end_va = 0x7ffa70aedfff monitored = 0 entry_point = 0x7ffa70ae1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3941 start_va = 0x7ffa7abb0000 end_va = 0x7ffa7abb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 3942 start_va = 0x7ffa724d0000 end_va = 0x7ffa72597fff monitored = 0 entry_point = 0x7ffa725113f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3943 start_va = 0x7ffa71200000 end_va = 0x7ffa71237fff monitored = 0 entry_point = 0x7ffa71218cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3944 start_va = 0x7ffa7b280000 end_va = 0x7ffa7b287fff monitored = 0 entry_point = 0x7ffa7b281ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3945 start_va = 0x7ffa71100000 end_va = 0x7ffa71115fff monitored = 0 entry_point = 0x7ffa711019f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3946 start_va = 0x7ffa710e0000 end_va = 0x7ffa710f9fff monitored = 0 entry_point = 0x7ffa710e2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3947 start_va = 0x7ffa7b540000 end_va = 0x7ffa7b5aafff monitored = 0 entry_point = 0x7ffa7b5590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3948 start_va = 0x7ffa70370000 end_va = 0x7ffa70384fff monitored = 0 entry_point = 0x7ffa70372dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 3949 start_va = 0x7ffa6eb60000 end_va = 0x7ffa6ed17fff monitored = 0 entry_point = 0x7ffa6ebce630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3950 start_va = 0x7ffa72950000 end_va = 0x7ffa72cd1fff monitored = 0 entry_point = 0x7ffa729a1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3951 start_va = 0x7ffa78120000 end_va = 0x7ffa7814cfff monitored = 0 entry_point = 0x7ffa78139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3952 start_va = 0x19ebc550000 end_va = 0x19ebc550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebc550000" filename = "" Region: id = 3953 start_va = 0x7ffa6db70000 end_va = 0x7ffa6ddfdfff monitored = 0 entry_point = 0x7ffa6dc40f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3954 start_va = 0x19ebc560000 end_va = 0x19ebc560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 3955 start_va = 0x7ffa77d70000 end_va = 0x7ffa77dcbfff monitored = 0 entry_point = 0x7ffa77d86f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3956 start_va = 0x7ffa71010000 end_va = 0x7ffa7101afff monitored = 0 entry_point = 0x7ffa71011d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3957 start_va = 0x7ffa76fe0000 end_va = 0x7ffa77089fff monitored = 0 entry_point = 0x7ffa77007910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3958 start_va = 0x7ffa6b290000 end_va = 0x7ffa6b30ffff monitored = 0 entry_point = 0x7ffa6b2bd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3959 start_va = 0x19ebc570000 end_va = 0x19ebc574fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 3960 start_va = 0x19ebc580000 end_va = 0x19ebc58ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 3961 start_va = 0x7ffa6f830000 end_va = 0x7ffa6f839fff monitored = 0 entry_point = 0x7ffa6f8314c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3962 start_va = 0x7ffa70eb0000 end_va = 0x7ffa70f16fff monitored = 0 entry_point = 0x7ffa70eb63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3963 start_va = 0x19ebc590000 end_va = 0x19ebc592fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 3964 start_va = 0x19ebc5a0000 end_va = 0x19ebc5a9fff monitored = 0 entry_point = 0x19ebc5a15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3965 start_va = 0x19ebc5b0000 end_va = 0x19ebc5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3966 start_va = 0x19ebc5a0000 end_va = 0x19ebc5a9fff monitored = 0 entry_point = 0x19ebc5a15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3967 start_va = 0x19ebc5b0000 end_va = 0x19ebc5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3968 start_va = 0x19ebc5a0000 end_va = 0x19ebc5a9fff monitored = 0 entry_point = 0x19ebc5a15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3969 start_va = 0x19ebc5b0000 end_va = 0x19ebc5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3970 start_va = 0x19ebc5a0000 end_va = 0x19ebc5a9fff monitored = 0 entry_point = 0x19ebc5a15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3971 start_va = 0x19ebc5b0000 end_va = 0x19ebc5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3972 start_va = 0x7ffa77e20000 end_va = 0x7ffa77e36fff monitored = 0 entry_point = 0x7ffa77e279d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3973 start_va = 0x7ffa77ab0000 end_va = 0x7ffa77ae3fff monitored = 0 entry_point = 0x7ffa77acae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3974 start_va = 0x7ffa779f0000 end_va = 0x7ffa77a69fff monitored = 0 entry_point = 0x7ffa77a11a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 3975 start_va = 0x7ffa78730000 end_va = 0x7ffa788f6fff monitored = 0 entry_point = 0x7ffa7878db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3976 start_va = 0x7ffa784c0000 end_va = 0x7ffa784cffff monitored = 0 entry_point = 0x7ffa784c56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3977 start_va = 0x7ffa77f40000 end_va = 0x7ffa77f4afff monitored = 0 entry_point = 0x7ffa77f419a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3978 start_va = 0x19ebc5a0000 end_va = 0x19ebc5a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebc5a0000" filename = "" Region: id = 3979 start_va = 0x19ebc5a0000 end_va = 0x19ebc69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebc5a0000" filename = "" Region: id = 3980 start_va = 0x19ebc6a0000 end_va = 0x19ebc6a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019ebc6a0000" filename = "" Region: id = 3981 start_va = 0x19ebc6b0000 end_va = 0x19ebc6b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebc6b0000" filename = "" Region: id = 3982 start_va = 0x7ffa6b0e0000 end_va = 0x7ffa6b0f3fff monitored = 0 entry_point = 0x7ffa6b0e3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 3983 start_va = 0x7ffa78010000 end_va = 0x7ffa78036fff monitored = 0 entry_point = 0x7ffa78020aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 3984 start_va = 0x7ffa77fd0000 end_va = 0x7ffa78009fff monitored = 0 entry_point = 0x7ffa77fd8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 3985 start_va = 0x19ebc6c0000 end_va = 0x19ebc6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019ebc6c0000" filename = "" Region: id = 3986 start_va = 0xb7c100000 end_va = 0xb7c1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7c100000" filename = "" Region: id = 3987 start_va = 0xb7c200000 end_va = 0xb7c2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7c200000" filename = "" Region: id = 3988 start_va = 0x7ffa6b190000 end_va = 0x7ffa6b1adfff monitored = 0 entry_point = 0x7ffa6b19ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 3989 start_va = 0x19ebc6b0000 end_va = 0x19ebc6b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 3990 start_va = 0x7ffa77af0000 end_va = 0x7ffa77af9fff monitored = 0 entry_point = 0x7ffa77af1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 3991 start_va = 0x7ffa6df40000 end_va = 0x7ffa6df4bfff monitored = 0 entry_point = 0x7ffa6df435c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3992 start_va = 0xb7c300000 end_va = 0xb7c3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000b7c300000" filename = "" Thread: id = 122 os_tid = 0x300 Thread: id = 123 os_tid = 0x2fc Thread: id = 124 os_tid = 0x31c Thread: id = 125 os_tid = 0xbac Thread: id = 126 os_tid = 0x48c Thread: id = 155 os_tid = 0x3dc Thread: id = 156 os_tid = 0xc0c Thread: id = 157 os_tid = 0xc40 Thread: id = 158 os_tid = 0xd04 Thread: id = 159 os_tid = 0xd08 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x73bd8000" os_pid = "0x3fc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ced3" [0xc000000f], "LOCAL" [0x7] Region: id = 3770 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3771 start_va = 0x71b2f70000 end_va = 0x71b2feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b2f70000" filename = "" Region: id = 3772 start_va = 0x71b3000000 end_va = 0x71b31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3000000" filename = "" Region: id = 3773 start_va = 0x71b3380000 end_va = 0x71b347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3380000" filename = "" Region: id = 3774 start_va = 0x71b3480000 end_va = 0x71b357ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3480000" filename = "" Region: id = 3775 start_va = 0x71b3580000 end_va = 0x71b367ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3580000" filename = "" Region: id = 3776 start_va = 0x71b3780000 end_va = 0x71b37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3780000" filename = "" Region: id = 3777 start_va = 0x71b3900000 end_va = 0x71b39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3900000" filename = "" Region: id = 3778 start_va = 0x71b3a00000 end_va = 0x71b3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3a00000" filename = "" Region: id = 3779 start_va = 0x71b3b00000 end_va = 0x71b3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3b00000" filename = "" Region: id = 3780 start_va = 0x71b3d00000 end_va = 0x71b3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3d00000" filename = "" Region: id = 3781 start_va = 0x71b3f00000 end_va = 0x71b3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b3f00000" filename = "" Region: id = 3782 start_va = 0x71b4000000 end_va = 0x71b40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4000000" filename = "" Region: id = 3783 start_va = 0x71b4100000 end_va = 0x71b41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4100000" filename = "" Region: id = 3784 start_va = 0x71b4200000 end_va = 0x71b42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4200000" filename = "" Region: id = 3785 start_va = 0x71b4300000 end_va = 0x71b43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4300000" filename = "" Region: id = 3786 start_va = 0x71b4400000 end_va = 0x71b44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4400000" filename = "" Region: id = 3787 start_va = 0x71b4500000 end_va = 0x71b45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4500000" filename = "" Region: id = 3788 start_va = 0x71b4800000 end_va = 0x71b48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4800000" filename = "" Region: id = 3789 start_va = 0x71b4900000 end_va = 0x71b49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4900000" filename = "" Region: id = 3790 start_va = 0x71b4a00000 end_va = 0x71b4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4a00000" filename = "" Region: id = 3791 start_va = 0x71b4e80000 end_va = 0x71b4f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b4e80000" filename = "" Region: id = 3792 start_va = 0x71b5500000 end_va = 0x71b55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5500000" filename = "" Region: id = 3793 start_va = 0x71b5600000 end_va = 0x71b56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5600000" filename = "" Region: id = 3794 start_va = 0x71b5700000 end_va = 0x71b57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5700000" filename = "" Region: id = 3795 start_va = 0x71b5800000 end_va = 0x71b58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5800000" filename = "" Region: id = 3796 start_va = 0x71b5b00000 end_va = 0x71b5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5b00000" filename = "" Region: id = 3797 start_va = 0x71b5c00000 end_va = 0x71b5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5c00000" filename = "" Region: id = 3798 start_va = 0x71b5d00000 end_va = 0x71b5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5d00000" filename = "" Region: id = 3799 start_va = 0x71b5f00000 end_va = 0x71b5ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000071b5f00000" filename = "" Region: id = 3800 start_va = 0x26425da0000 end_va = 0x26425daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425da0000" filename = "" Region: id = 3801 start_va = 0x26425db0000 end_va = 0x26425db0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 3802 start_va = 0x26425dc0000 end_va = 0x26425dd4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425dc0000" filename = "" Region: id = 3803 start_va = 0x26425de0000 end_va = 0x26425de3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425de0000" filename = "" Region: id = 3804 start_va = 0x26425df0000 end_va = 0x26425df0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425df0000" filename = "" Region: id = 3805 start_va = 0x26425e00000 end_va = 0x26425e01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026425e00000" filename = "" Region: id = 3806 start_va = 0x26425e10000 end_va = 0x26425ecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3807 start_va = 0x26425ed0000 end_va = 0x26425ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026425ed0000" filename = "" Region: id = 3808 start_va = 0x26425ee0000 end_va = 0x26425ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026425ee0000" filename = "" Region: id = 3809 start_va = 0x26425ef0000 end_va = 0x26425ef0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425ef0000" filename = "" Region: id = 3810 start_va = 0x26425f00000 end_va = 0x26425f00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425f00000" filename = "" Region: id = 3811 start_va = 0x26425f10000 end_va = 0x26425f10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425f10000" filename = "" Region: id = 3812 start_va = 0x26425f20000 end_va = 0x26425f26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026425f20000" filename = "" Region: id = 3813 start_va = 0x26425f30000 end_va = 0x26425f31fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netprofmsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui") Region: id = 3814 start_va = 0x26425f40000 end_va = 0x26425f41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425f40000" filename = "" Region: id = 3815 start_va = 0x26425f50000 end_va = 0x26425f54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 3816 start_va = 0x26425f60000 end_va = 0x26425f66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026425f60000" filename = "" Region: id = 3817 start_va = 0x26425f70000 end_va = 0x26425f9dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425f70000" filename = "" Region: id = 3818 start_va = 0x26425fa0000 end_va = 0x26425fa1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026425fa0000" filename = "" Region: id = 3819 start_va = 0x26425fb0000 end_va = 0x26425fb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026425fb0000" filename = "" Region: id = 3820 start_va = 0x26425fc0000 end_va = 0x26425fd1fff monitored = 0 entry_point = 0x26425fe7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3821 start_va = 0x26425fe0000 end_va = 0x26425fe0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 3822 start_va = 0x26425ff0000 end_va = 0x26425ff4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 3823 start_va = 0x26426000000 end_va = 0x264260fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026426000000" filename = "" Region: id = 3824 start_va = 0x26426100000 end_va = 0x264261fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026426100000" filename = "" Region: id = 3825 start_va = 0x26426200000 end_va = 0x26426387fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026426200000" filename = "" Region: id = 3826 start_va = 0x26426390000 end_va = 0x26426510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026426390000" filename = "" Region: id = 3827 start_va = 0x26426520000 end_va = 0x264265dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000026426520000" filename = "" Region: id = 3828 start_va = 0x264265e0000 end_va = 0x264265effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 3829 start_va = 0x264265f0000 end_va = 0x264265f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 3830 start_va = 0x26426600000 end_va = 0x264266fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026426600000" filename = "" Region: id = 3831 start_va = 0x26426700000 end_va = 0x264267fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026426700000" filename = "" Region: id = 3832 start_va = 0x26426800000 end_va = 0x264277fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 3833 start_va = 0x26427800000 end_va = 0x26427848fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 3834 start_va = 0x26427850000 end_va = 0x26427b86fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3835 start_va = 0x26427ba0000 end_va = 0x26427bb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dnsapi.dll.mui" filename = "\\Windows\\System32\\en-US\\dnsapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dnsapi.dll.mui") Region: id = 3836 start_va = 0x26427bc0000 end_va = 0x26427bc9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 3837 start_va = 0x26427c00000 end_va = 0x26427cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026427c00000" filename = "" Region: id = 3838 start_va = 0x26427eb0000 end_va = 0x26427eb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026427eb0000" filename = "" Region: id = 3839 start_va = 0x26427f00000 end_va = 0x26427ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026427f00000" filename = "" Region: id = 3840 start_va = 0x26428000000 end_va = 0x264280fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026428000000" filename = "" Region: id = 3841 start_va = 0x26428390000 end_va = 0x2642846ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3842 start_va = 0x26428500000 end_va = 0x264285fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026428500000" filename = "" Region: id = 3843 start_va = 0x26428600000 end_va = 0x264286fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000026428600000" filename = "" Region: id = 3844 start_va = 0x26428700000 end_va = 0x26428efffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 3845 start_va = 0x7df5ff3d0000 end_va = 0x7ff5ff3cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff3d0000" filename = "" Region: id = 3846 start_va = 0x7ff723c80000 end_va = 0x7ff723d7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff723c80000" filename = "" Region: id = 3847 start_va = 0x7ff723d80000 end_va = 0x7ff723da2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff723d80000" filename = "" Region: id = 3848 start_va = 0x7ff7241b0000 end_va = 0x7ff7241bcfff monitored = 0 entry_point = 0x7ff7241b3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 3849 start_va = 0x7ffa5ece0000 end_va = 0x7ffa5ed90fff monitored = 0 entry_point = 0x7ffa5ed51ca0 region_type = mapped_file name = "windows.security.authentication.web.core.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll") Region: id = 3850 start_va = 0x7ffa63070000 end_va = 0x7ffa631acfff monitored = 0 entry_point = 0x7ffa6308a6a0 region_type = mapped_file name = "licensemanager.dll" filename = "\\Windows\\System32\\LicenseManager.dll" (normalized: "c:\\windows\\system32\\licensemanager.dll") Region: id = 3851 start_va = 0x7ffa63780000 end_va = 0x7ffa63795fff monitored = 0 entry_point = 0x7ffa6378b550 region_type = mapped_file name = "clipc.dll" filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll") Region: id = 3852 start_va = 0x7ffa65f70000 end_va = 0x7ffa661e9fff monitored = 0 entry_point = 0x7ffa65f8a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 3853 start_va = 0x7ffa68bb0000 end_va = 0x7ffa68c74fff monitored = 0 entry_point = 0x7ffa68bbe740 region_type = mapped_file name = "windows.web.dll" filename = "\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll") Region: id = 3854 start_va = 0x7ffa6b0e0000 end_va = 0x7ffa6b0f3fff monitored = 0 entry_point = 0x7ffa6b0e3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 3855 start_va = 0x7ffa6b190000 end_va = 0x7ffa6b1adfff monitored = 0 entry_point = 0x7ffa6b19ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 3856 start_va = 0x7ffa6b290000 end_va = 0x7ffa6b30ffff monitored = 0 entry_point = 0x7ffa6b2bd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3857 start_va = 0x7ffa6df70000 end_va = 0x7ffa6df9bfff monitored = 0 entry_point = 0x7ffa6df71d20 region_type = mapped_file name = "authbroker.dll" filename = "\\Windows\\System32\\AuthBroker.dll" (normalized: "c:\\windows\\system32\\authbroker.dll") Region: id = 3858 start_va = 0x7ffa6e340000 end_va = 0x7ffa6e34afff monitored = 0 entry_point = 0x7ffa6e341a20 region_type = mapped_file name = "licensemanagersvc.dll" filename = "\\Windows\\System32\\LicenseManagerSvc.dll" (normalized: "c:\\windows\\system32\\licensemanagersvc.dll") Region: id = 3859 start_va = 0x7ffa6e350000 end_va = 0x7ffa6e367fff monitored = 0 entry_point = 0x7ffa6e354a20 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 3860 start_va = 0x7ffa6f180000 end_va = 0x7ffa6f19cfff monitored = 0 entry_point = 0x7ffa6f186190 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 3861 start_va = 0x7ffa6f480000 end_va = 0x7ffa6f496fff monitored = 0 entry_point = 0x7ffa6f486620 region_type = mapped_file name = "msauserext.dll" filename = "\\Windows\\System32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll") Region: id = 3862 start_va = 0x7ffa6f4a0000 end_va = 0x7ffa6f533fff monitored = 0 entry_point = 0x7ffa6f4d9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 3863 start_va = 0x7ffa6f540000 end_va = 0x7ffa6f7e2fff monitored = 0 entry_point = 0x7ffa6f566190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 3864 start_va = 0x7ffa6f830000 end_va = 0x7ffa6f839fff monitored = 0 entry_point = 0x7ffa6f8314c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3865 start_va = 0x7ffa70460000 end_va = 0x7ffa7047dfff monitored = 0 entry_point = 0x7ffa70461690 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 3866 start_va = 0x7ffa70480000 end_va = 0x7ffa70498fff monitored = 0 entry_point = 0x7ffa70482180 region_type = mapped_file name = "bthradiomedia.dll" filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll") Region: id = 3867 start_va = 0x7ffa704a0000 end_va = 0x7ffa704b3fff monitored = 0 entry_point = 0x7ffa704a1a50 region_type = mapped_file name = "wlanradiomanager.dll" filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll") Region: id = 3868 start_va = 0x7ffa70ae0000 end_va = 0x7ffa70aedfff monitored = 0 entry_point = 0x7ffa70ae1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3869 start_va = 0x7ffa70b10000 end_va = 0x7ffa70b9afff monitored = 0 entry_point = 0x7ffa70b2d2a0 region_type = mapped_file name = "netprofmsvc.dll" filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll") Region: id = 3870 start_va = 0x7ffa70eb0000 end_va = 0x7ffa70f16fff monitored = 0 entry_point = 0x7ffa70eb63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3871 start_va = 0x7ffa71010000 end_va = 0x7ffa7101afff monitored = 0 entry_point = 0x7ffa71011d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3872 start_va = 0x7ffa710e0000 end_va = 0x7ffa710f9fff monitored = 0 entry_point = 0x7ffa710e2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3873 start_va = 0x7ffa71100000 end_va = 0x7ffa71115fff monitored = 0 entry_point = 0x7ffa711019f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3874 start_va = 0x7ffa71200000 end_va = 0x7ffa71237fff monitored = 0 entry_point = 0x7ffa71218cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3875 start_va = 0x7ffa71470000 end_va = 0x7ffa7147cfff monitored = 0 entry_point = 0x7ffa71472650 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 3876 start_va = 0x7ffa715c0000 end_va = 0x7ffa715e1fff monitored = 0 entry_point = 0x7ffa715d2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 3877 start_va = 0x7ffa715f0000 end_va = 0x7ffa716c4fff monitored = 0 entry_point = 0x7ffa7160cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 3878 start_va = 0x7ffa716d0000 end_va = 0x7ffa71781fff monitored = 0 entry_point = 0x7ffa716ef750 region_type = mapped_file name = "windows.security.authentication.onlineid.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.onlineid.dll") Region: id = 3879 start_va = 0x7ffa71c40000 end_va = 0x7ffa71c68fff monitored = 0 entry_point = 0x7ffa71c524d0 region_type = mapped_file name = "fontprovider.dll" filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll") Region: id = 3880 start_va = 0x7ffa71c70000 end_va = 0x7ffa71e11fff monitored = 0 entry_point = 0x7ffa71cbc2d0 region_type = mapped_file name = "fntcache.dll" filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll") Region: id = 3881 start_va = 0x7ffa72480000 end_va = 0x7ffa7248bfff monitored = 0 entry_point = 0x7ffa724814d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 3882 start_va = 0x7ffa724d0000 end_va = 0x7ffa72597fff monitored = 0 entry_point = 0x7ffa725113f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3883 start_va = 0x7ffa725a0000 end_va = 0x7ffa72600fff monitored = 0 entry_point = 0x7ffa725a4b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 3884 start_va = 0x7ffa72950000 end_va = 0x7ffa72cd1fff monitored = 0 entry_point = 0x7ffa729a1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3885 start_va = 0x7ffa74210000 end_va = 0x7ffa74289fff monitored = 0 entry_point = 0x7ffa74237630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3886 start_va = 0x7ffa74290000 end_va = 0x7ffa743c5fff monitored = 0 entry_point = 0x7ffa742bf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 3887 start_va = 0x7ffa744f0000 end_va = 0x7ffa74505fff monitored = 0 entry_point = 0x7ffa744f1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 3888 start_va = 0x7ffa74580000 end_va = 0x7ffa745c9fff monitored = 0 entry_point = 0x7ffa7458ac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 3889 start_va = 0x7ffa74790000 end_va = 0x7ffa747c2fff monitored = 0 entry_point = 0x7ffa7479d5a0 region_type = mapped_file name = "biwinrt.dll" filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll") Region: id = 3890 start_va = 0x7ffa747d0000 end_va = 0x7ffa74861fff monitored = 0 entry_point = 0x7ffa7481a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 3891 start_va = 0x7ffa74870000 end_va = 0x7ffa748e8fff monitored = 0 entry_point = 0x7ffa74887800 region_type = mapped_file name = "geolocation.dll" filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll") Region: id = 3892 start_va = 0x7ffa74cc0000 end_va = 0x7ffa74cf5fff monitored = 0 entry_point = 0x7ffa74cd0070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 3893 start_va = 0x7ffa75640000 end_va = 0x7ffa75657fff monitored = 0 entry_point = 0x7ffa75645910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3894 start_va = 0x7ffa763e0000 end_va = 0x7ffa763f1fff monitored = 0 entry_point = 0x7ffa763e1a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 3895 start_va = 0x7ffa76450000 end_va = 0x7ffa768e2fff monitored = 0 entry_point = 0x7ffa7645f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 3896 start_va = 0x7ffa76bd0000 end_va = 0x7ffa76bdffff monitored = 0 entry_point = 0x7ffa76bd1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 3897 start_va = 0x7ffa76ec0000 end_va = 0x7ffa76ee6fff monitored = 0 entry_point = 0x7ffa76ec7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3898 start_va = 0x7ffa76fe0000 end_va = 0x7ffa77089fff monitored = 0 entry_point = 0x7ffa77007910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3899 start_va = 0x7ffa77090000 end_va = 0x7ffa7718ffff monitored = 0 entry_point = 0x7ffa770d0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 3900 start_va = 0x7ffa774a0000 end_va = 0x7ffa774c3fff monitored = 0 entry_point = 0x7ffa774a3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3901 start_va = 0x7ffa77640000 end_va = 0x7ffa77733fff monitored = 0 entry_point = 0x7ffa7764a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3902 start_va = 0x7ffa778b0000 end_va = 0x7ffa778bbfff monitored = 0 entry_point = 0x7ffa778b27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 3903 start_va = 0x7ffa779f0000 end_va = 0x7ffa77a69fff monitored = 0 entry_point = 0x7ffa77a11a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 3904 start_va = 0x7ffa77ab0000 end_va = 0x7ffa77ae3fff monitored = 0 entry_point = 0x7ffa77acae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3905 start_va = 0x7ffa77af0000 end_va = 0x7ffa77af9fff monitored = 0 entry_point = 0x7ffa77af1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 3906 start_va = 0x7ffa77c00000 end_va = 0x7ffa77c1efff monitored = 0 entry_point = 0x7ffa77c05d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3907 start_va = 0x7ffa77d70000 end_va = 0x7ffa77dcbfff monitored = 0 entry_point = 0x7ffa77d86f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3908 start_va = 0x7ffa77e20000 end_va = 0x7ffa77e36fff monitored = 0 entry_point = 0x7ffa77e279d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3909 start_va = 0x7ffa77f40000 end_va = 0x7ffa77f4afff monitored = 0 entry_point = 0x7ffa77f419a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3910 start_va = 0x7ffa77fd0000 end_va = 0x7ffa78009fff monitored = 0 entry_point = 0x7ffa77fd8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 3911 start_va = 0x7ffa78010000 end_va = 0x7ffa78036fff monitored = 0 entry_point = 0x7ffa78020aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 3912 start_va = 0x7ffa78120000 end_va = 0x7ffa7814cfff monitored = 0 entry_point = 0x7ffa78139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3913 start_va = 0x7ffa78330000 end_va = 0x7ffa78358fff monitored = 0 entry_point = 0x7ffa78344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3914 start_va = 0x7ffa78360000 end_va = 0x7ffa783f8fff monitored = 0 entry_point = 0x7ffa7838f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 3915 start_va = 0x7ffa784a0000 end_va = 0x7ffa784b3fff monitored = 0 entry_point = 0x7ffa784a52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3916 start_va = 0x7ffa784c0000 end_va = 0x7ffa784cffff monitored = 0 entry_point = 0x7ffa784c56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3917 start_va = 0x7ffa784d0000 end_va = 0x7ffa784defff monitored = 0 entry_point = 0x7ffa784d3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3918 start_va = 0x7ffa784e0000 end_va = 0x7ffa7852afff monitored = 0 entry_point = 0x7ffa784e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3919 start_va = 0x7ffa78530000 end_va = 0x7ffa785e4fff monitored = 0 entry_point = 0x7ffa785722e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3920 start_va = 0x7ffa785f0000 end_va = 0x7ffa78644fff monitored = 0 entry_point = 0x7ffa78607970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3921 start_va = 0x7ffa78650000 end_va = 0x7ffa786b9fff monitored = 0 entry_point = 0x7ffa78686d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3922 start_va = 0x7ffa786c0000 end_va = 0x7ffa78702fff monitored = 0 entry_point = 0x7ffa786d4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3923 start_va = 0x7ffa78730000 end_va = 0x7ffa788f6fff monitored = 0 entry_point = 0x7ffa7878db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3924 start_va = 0x7ffa789b0000 end_va = 0x7ffa78b97fff monitored = 0 entry_point = 0x7ffa789dba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3925 start_va = 0x7ffa78ba0000 end_va = 0x7ffa791e3fff monitored = 0 entry_point = 0x7ffa78d664b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3926 start_va = 0x7ffa79390000 end_va = 0x7ffa7942cfff monitored = 0 entry_point = 0x7ffa793978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3927 start_va = 0x7ffa7a9a0000 end_va = 0x7ffa7aa4cfff monitored = 0 entry_point = 0x7ffa7a9b81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3928 start_va = 0x7ffa7aa50000 end_va = 0x7ffa7ab6bfff monitored = 0 entry_point = 0x7ffa7aa902b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3929 start_va = 0x7ffa7abc0000 end_va = 0x7ffa7ad15fff monitored = 0 entry_point = 0x7ffa7abca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3930 start_va = 0x7ffa7ad20000 end_va = 0x7ffa7ad7afff monitored = 0 entry_point = 0x7ffa7ad338b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3931 start_va = 0x7ffa7b220000 end_va = 0x7ffa7b271fff monitored = 0 entry_point = 0x7ffa7b22f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3932 start_va = 0x7ffa7b280000 end_va = 0x7ffa7b287fff monitored = 0 entry_point = 0x7ffa7b281ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3933 start_va = 0x7ffa7b290000 end_va = 0x7ffa7b3d2fff monitored = 0 entry_point = 0x7ffa7b2b8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3934 start_va = 0x7ffa7b540000 end_va = 0x7ffa7b5aafff monitored = 0 entry_point = 0x7ffa7b5590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3935 start_va = 0x7ffa7b7c0000 end_va = 0x7ffa7b866fff monitored = 0 entry_point = 0x7ffa7b7cb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3936 start_va = 0x7ffa7b8d0000 end_va = 0x7ffa7bb4cfff monitored = 0 entry_point = 0x7ffa7b9a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3937 start_va = 0x7ffa7bb50000 end_va = 0x7ffa7bcd5fff monitored = 0 entry_point = 0x7ffa7bb9ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3938 start_va = 0x7ffa7bd00000 end_va = 0x7ffa7bdc0fff monitored = 0 entry_point = 0x7ffa7bd20da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3939 start_va = 0x7ffa7bdd0000 end_va = 0x7ffa7be76fff monitored = 0 entry_point = 0x7ffa7bde58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3940 start_va = 0x7ffa7be80000 end_va = 0x7ffa7c040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 127 os_tid = 0x10ac Thread: id = 128 os_tid = 0xaf4 Thread: id = 129 os_tid = 0x524 Thread: id = 130 os_tid = 0x7a4 Thread: id = 131 os_tid = 0x2a0 Thread: id = 132 os_tid = 0x844 Thread: id = 133 os_tid = 0x484 Thread: id = 134 os_tid = 0x404 Thread: id = 135 os_tid = 0x46c Thread: id = 136 os_tid = 0x6c0 Thread: id = 137 os_tid = 0x578 Thread: id = 138 os_tid = 0x7a0 Thread: id = 139 os_tid = 0x57c Thread: id = 140 os_tid = 0x544 Thread: id = 141 os_tid = 0x540 Thread: id = 142 os_tid = 0x53c Thread: id = 143 os_tid = 0x538 Thread: id = 144 os_tid = 0x534 Thread: id = 145 os_tid = 0x510 Thread: id = 146 os_tid = 0x4b4 Thread: id = 147 os_tid = 0x424 Thread: id = 148 os_tid = 0x420 Thread: id = 149 os_tid = 0x41c Thread: id = 150 os_tid = 0x170 Thread: id = 151 os_tid = 0x184 Thread: id = 152 os_tid = 0x15c Thread: id = 153 os_tid = 0x190 Thread: id = 154 os_tid = 0x60